Continuous Inspection

CISCO IT

SonarQube has triggered a three-fold business impact for Cisco IT: delivery excellence, engineering excellence and business value (via cost savings).

Cisco Systems (NASDAQ: CSCO) is a worldwide leader in networking technologies. With 73,460 employees and Q2 FY13 revenues of $12.1 billion, Cisco is a market leader in a variety of technology sectors including security, web conferencing, routing: edge/core/access, voice, and others. Cisco IT represents the engineering division of the company, responsible to enhance developer productivity and implementing best practices in continuous delivery, build management, code review and deployments. Cisco IT aims to design, implement and evangelize best-of-breed software quality and maintenance tools.

Key challenges for software quality

Today, Cisco IT is on track to become the #1 IT organization in the world, but there was a time when its inability to manage software quality might have been a stumbling block. According to Cisco IT Engineer Dhairya Sanghvi, the quality of the code that made it into and through QA was an issue. “There used to be numerous code-related issues that escalated over time and cost us a lot.”

Part of the problem was a lack of standards. “We used to have development teams conduct code reviews and non-functional analyses in a disorganized manner,” Sanghvi said. “There was no storage of information or clear understanding of the number of defects,” and no way to see how quality changed over time. Further, “the systems and processes in place for code reviews were not standardized, as there was no common tool or rule set being used to perform (reviews).” Development teams were using various tools for static analysis and unit testing, but he said “Cisco IT needed to shift its focus to a tool with more mature reporting capabilities that can be interpreted by developers and management alike.”

SonarQube was the unanimous choice

While looking for tools that would fill Cisco IT’s needs, Sanghvi said the research team was also trying to incorporate agile practices like continuous integration into the Cisco IT development environment. He said the team was sold on SonarQube’s features, but integration was the clincher. “SonarQube was a code analysis tool that integrated well with Jenkins and we went, ‘A-ha, SonarQube it is then!’ … SonarQube was the unanimous choice.”

Sanghvi said SonarQube has “a lot of great features,” but these stand out:

  • Customizable Rule sets – “The customizable quality profiles in SonarQube are one great flexibility that has been pretty darn useful considering we have teams as varied as chalk and cheese on-boarded on our platform,” Sanghvi said. “Also, the ease of transferring the xml rulesets (from one SonarQube instance to another) and the inheritance capability of these profiles make it the perfect offering.”
  • Portfolio management (Views) – Cisco IT is using the portfolio management plugin to provide management-friendly, personalized quality metrics throughout the company. This gives a great incentive for the entire organization to regularly check their progress, track improvements and take actions to fix quality flaws.
  • Time Machine – “The trend analysis report is one of the most prolifically used capabilities within SonarQube, and helped us convince many a project team to adopt the tool” Sanghvi said. “The ability to see our projects’ quality improvement over long periods of time is one of the most critical items to have in your arsenal.” When combined with the portfolio management plugin, this feature provided a complete window into the organization’s performance.

Considerable resource-time is saved in code reviews and feature integration

According to Sanghvi, Cisco IT’s adoption of SonarQube has been a huge win for the company. “SonarQube has triggered a three-fold business impact that we have seen extensively in every project team we have on-boarded – delivery excellence (time to capability reduced), engineering excellence (quality improvement) and business value (cost savings).” By shifting the code analysis to the development stage and running it on a daily basis, Cisco IT has enhanced its code quality substantially, and consequently reduced emergency bug fixes, which “translates to considerable cost savings for the organization,” Sanghvi said. “A defect caught at an earlier stage in the PLC is way less expensive than one caught later on.”

The next big win was in the area of code reviews. Every team now conducts code reviews in the same place, using the same tools and metrics, and SonarQube provides clarity and time-based visibility on the key defect metrics. “There is considerable resource-time saved in code reviews and feature integration thanks to daily code analysis performed by SonarQube.” Additionally, “SonarQube, with its relevant quality profiles and their customizability” has brought teams onto the same page with each other. “Teams could now implement common rule sets used by their peer teams and customize a few rules of their own.”

Sanghvi is enthusiastic about SonarQube and says “there is no one single USP (unique selling proposition) of SonarQube that drives us to it…like I said there are a lot of great features mentioned above that define SonarQube’s value proposition. But let me just outline one unconventional little item here – SonarSource support. Period. Extensive use at an early stage of adopting the tool ensured that we had (answers to) a number of queries that needed to be answered promptly. SonarSource did not disappoint. There were times when we needed trial licenses for Views and PL/SQL plugins urgently. It never took more than an hour for the support team to provide it.”

Cisco IT now uses SonarQube to analyze more than 9 million lines of Java, PL/SQL and C/C++ code in 90 applications, and this number is expected to rise to 150 million by the end of the next quarter. The software quality process is driven by development teams located in the United States and India.