This content originally appeared on Bits and Pieces - Medium and was authored by Kasun Rajapakse
Get to know the best practices used in the industry to improve code quality.
Ensuring code quality is a team effort regardless of job title. Managers, developers, and testers all have to work together to deliver high-quality code.
Here is a list of practices for improving code quality that will be useful for any software project.
1. Use Linter at IDE Level
Using a linter will help you avoid many problems. As we all know, a linter reads the code and reports errors and warnings where the code does not comply with the standards defined for the language.
Popular IDEs and editors such as VS Code, JetBrains IDEs, and Atom have numerous integrations and add-ons for linting. For example, VS Code has linting for Python, JS lint, and other popular programming languages.
When adding Linting for an existing code base, I would recommend starting with a minimal ruleset. Then you can add more rules gradually based on manual code review findings.
Integrating linter tools with the CI process helps teams enforce code quality and establish governance. We can do this with CI/CD tools such as Jenkins, Azure DevOps, Bamboo, etc. A few examples of tools used for automated linting are flake8, black, and pre-commit.
Some code quality evaluation platforms, like SonarCloud, also provide a linter that runs at the IDE level, applying the same rule set defined for the platform in one place.
There are also practices that require the development team to run the linter before committing code, reducing the overall iteration time.
You can do that by adding the linter execution to a Git pre-commit hook.
2. Right Balance of Comments
We can identify two types of developers: those who comment on everything and those who don’t comment on anything.
As many of us have experienced, adding too many comments makes the code cluttered and hard to read. On the other hand, not commenting anything leaves future developers in a state of turmoil.
Therefore, as a best practice, we typically recommend making the code itself self-explanatory so that it requires minimal comments to explain it.
I would also recommend explaining what the code does instead of explaining what’s defined in the code.
However, comments are of no use unless they are updated whenever the code they relate to is modified.
Tip: Share your reusable components between projects using Bit (Github).
Bit makes it simple to share, document, and reuse independent components between projects. Use it to maximize code reuse, keep a consistent design, speed up delivery, and build apps that scale.
Bit supports Node, TypeScript, React, Vue, Angular, and more.
3. Test Automation
Testing code is essential for writing quality code. Automating the tests helps reduce the manual overhead of repetitive testing. However, this doesn’t mean that we can eliminate manual testing.
Having a comprehensive test suite helps identify code failures and gives us the freedom to refactor with confidence.
It’s also important to write testable code.
So you might wonder, where should we start? What tests should we focus on?
Ultimately, it depends on the nature of the application, API, etc. For example, if you are developing an API, you can rely on automated API testing and unit testing. If it’s a web application, you can use end-to-end testing and unit testing.
You can also refer to the test pyramid to get a better understanding of the tests required.
Depending on your strategy, you can use efficient testing methods such as snapshot testing, and follow test-driven development.
4. Manual Code Review
Code review is the most crucial step for writing quality code. Typically, we do code review at the Git pull request level, which modern Git platforms like GitHub, Azure DevOps, and GitLab facilitate. This allows the code to be verified before it is merged into the relevant branch.
It is also possible to automatically add code review comments using code analysis tools like SonarCloud which will help to reduce the manual efforts.
However, no static analyzer at the moment is capable of entirely replacing a seasoned developer who is doing a manual review.
But, as a continuous improvement process, you could periodically evaluate the common errors found by reviewers and find new rules or new static code analyzers to automate them.
5. Quality Gates
Quality gates set up conditions and guidelines against which the project is analyzed to determine whether it meets the necessary criteria to move into the next phase.
How Quality Gates help to improve code quality
Quality gates help identify quality issues in the code and block bad code before it reaches the production environment. We typically carry out the following activities in quality gates:
- Measure Test Coverage and ensure it’s above a certain level.
- Execute automated tests (Unit, Integration, E2E).
- Execute static code analysis.
However, it is essential to understand the execution time and place these gates at the right place in the CI/CD pipeline.
For example, we can execute Unit Tests, Static Code Quality Analysis on top of the Pull Request while running Integration Tests and E2E tests after merging the code or periodically depending on the time and resources it requires.
6. Periodic Due Diligence
Technical due diligence is a process we follow to evaluate the technology, product, architecture, and procedures.
Why software due diligence?
In the modern technology world, the importance of software for business success is increasing. Software is the backbone of contemporary digitalization. With high demand and competition in software assets, it’s essential to determine whether the application architecture is designed to follow current technologies and is open for future extensions.
The following are some of the due diligence checks we need to carry out on software development:
- Verify the team follows a process accordingly. E.g., software requirements, features, and bugs are captured and planned, and the code changes are recorded according to the process.
- Verify whether the team follows an efficient software delivery process. E.g., a new version of the application can be rolled out with testing in the shortest possible time.
- Can each version be tracked transparently concerning the planned and actually rolled out features?
- To what extent is the user integrated into the bug tracking process to ensure timely and comprehensive bug reporting?
- To what extent are update and upgrade mechanisms in the software automated?
- Is technical debt paid off periodically, and is a proper evolving architecture in place?
- Does the team follow security and code quality best practices with continuous improvements?
7. Define Coding Standards
Defining standards has a positive impact on any organization or team, and the same is true for software development. Defining a coding standard helps organizations organize and steer the software development team’s focus to meet quality goals.
Coding standards help developers and team members work on a project that follows a specific set of guidelines. The advantages of implementing coding standards include:
- Enhanced Efficiency
- The risk of project failure is reduced.
- Minimal Complexity
- Easy to Maintain
- Cost-Efficient
Besides, it’s also essential to establish values for the team to improve quality. A good example would be the boy scouts rule.
Always leave the campground cleaner than you found it. If you find a mess on the ground, you clean it up regardless of who might have made it — Source
This is an excellent analogy to tell the team to ensure that they don’t leave half-done code.
8. Vulnerability Scanning ⚠️
Vulnerability management is a key responsibility of any IT security team and software development team. It involves assessing, mitigating, and reporting any security vulnerabilities in an organization’s systems and software.
A vulnerability scanner is an application that identifies any CVE vulnerabilities within the code. It scans the application’s codebase and notifies you if any known vulnerabilities are present in the code.
If you plan to start minimal, you can use the “npm audit” command in the CI/CD pipeline for JavaScript and Node library vulnerability analysis.
Most organizations automate vulnerability scanning through CI/CD pipelines. We can implement DevSecOps in application deployment to identify such vulnerabilities before they are deployed to a production system.
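The quality gate conditions from section 5 and the “npm audit” step above can be combined into one pipeline check. The following Node.js script is an added example, not code from the original article: it assumes the `npm audit --json` report layout of npm 7+ and Istanbul's `json-summary` coverage file, and the package names, thresholds, and function names are constructed for illustration.

```javascript
// Added example: CI quality gate over `npm audit --json` (npm 7+ report
// format) and Istanbul's json-summary coverage file. Policy values are assumed.
const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Packages whose severity is at or above minSeverity, worst first.
function auditFindings(auditReport, minSeverity) {
  const rank = (s) => SEVERITY_ORDER.indexOf(s);
  if (rank(minSeverity) === -1) throw new Error(`unknown severity: ${minSeverity}`);
  return Object.values(auditReport.vulnerabilities)
    .filter((v) => rank(v.severity) >= rank(minSeverity))
    .map((v) => ({ name: v.name, severity: v.severity, direct: Boolean(v.isDirect) }))
    .sort((a, b) => rank(b.severity) - rank(a.severity) || a.name.localeCompare(b.name));
}

// Check both conditions. A missing or malformed report fails the gate (fail
// closed), e.g. when `npm audit` emits an error object instead of results.
function evaluateGate(auditReport, coverageSummary, policy) {
  const failures = [];
  const vulns = auditReport && auditReport.vulnerabilities;
  if (!vulns || typeof vulns !== 'object') {
    failures.push('audit report missing or unreadable');
  } else {
    for (const f of auditFindings(auditReport, policy.minSeverity)) {
      const kind = f.direct ? 'direct' : 'transitive';
      failures.push(`${f.severity} vulnerability in ${kind} dependency ${f.name}`);
    }
  }
  const lines = coverageSummary && coverageSummary.total && coverageSummary.total.lines;
  const pct = lines ? lines.pct : NaN;
  if (!(pct >= policy.minLineCoverage)) { // also true for NaN or "Unknown"
    failures.push(`line coverage ${pct}% is below ${policy.minLineCoverage}%`);
  }
  return { passed: failures.length === 0, failures };
}

// Constructed sample reports and policy (not real scan output).
const SAMPLE_AUDIT = { auditReportVersion: 2, vulnerabilities: {
  'example-parser': { name: 'example-parser', severity: 'high', isDirect: true },
  'example-logger': { name: 'example-logger', severity: 'low', isDirect: false },
} };
const SAMPLE_COVERAGE = { total: { lines: { total: 200, covered: 150, pct: 75 } } };
const POLICY = { minSeverity: 'high', minLineCoverage: 80 };

// In a pipeline, JSON.parse the two report files instead and exit non-zero
// when `passed` is false so the stage blocks the merge or deployment.
const sample = evaluateGate(SAMPLE_AUDIT, SAMPLE_COVERAGE, POLICY);
console.log(sample.passed ? 'GATE PASS' : `GATE FAIL:\n- ${sample.failures.join('\n- ')}`);
```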
Conclusion
- As a software development team, it’s necessary to follow the above best practices to have an efficient and quality software product.
- Having coding standards helps the team follow common practices throughout the SDLC.
- Performing vulnerability scans helps identify software vulnerabilities before they are released to the production environment.
Finally, if you’ve come across any issues following the steps in this article, please comment below.
Learn More
- How To Write Better Code in React
- Code Principles Every Programmer Should Follow
- JavaScript Best Practices for Readable and Maintainable Code
8 Practices to Ensure Better Code Quality was originally published in Bits and Pieces on Medium, where people are continuing the conversation by highlighting and responding to this story.
Kasun Rajapakse | Sciencx (2021-02-10T21:43:35+00:00) 8 Practices to Ensure Better Code Quality. Retrieved from https://www.scien.cx/2021/02/10/8-practices-to-ensure-better-code-quality/