Regardless of the company we work for, the project we contribute to, or our years of experience as individual developers or as a team, we inevitably make mistakes while coding. On average, a development team generates about 15 to 50 errors per 1,000 lines of delivered code, according to Steve McConnell in his book Code Complete. Some of these errors make their way through the development workflow and can cost a lot of time and money to fix. On rare occasions, these errors can even impact your credibility as a developer, as a team, or as a company. A Clean Code solution will help prevent this! In fact, it will do way more than that.
Two months ago, I presented five features for developers that want Clean Code. In this blog, I'm going to focus on key features that make SonarCloud the perfect tool for development teams to deliver Clean Code. I'm going to cover what a Clean Code solution does, how it helps disseminate the right Clean Code practices among the team members, and how it ensures alignment with coding standards.
What does a Clean Code solution do?
For a long time, code quality was the responsibility of auditors. They would look at the code long after it was written, identify problems, and report a long list of issues to be fixed. Developers would then have to dedicate time to remediate these code flaws, which would take them away from innovating. Fifteen years ago, Sonar took a radically different direction in its approach to Clean Code. The company was created from the strong belief that only developers can have a significant impact on the quality of code. By allowing them to analyze code early in the development workflow, developers would be able to own the quality of their code and save precious time and effort spent remediating issues when they are discovered too late. This is how Sonar was born.
How will a Clean Code solution like Sonar empower the developers in your team? At a primary level, by delivering the right information at the right place and time:
- The right information is comprehensive code feedback. This feedback covers all languages and technologies, relies on thousands of coding rules, and touches on all code attributes. At Sonar, we believe Clean Code is secure, maintainable, reliable, portable, sustainable, and safe.
- The right place is the developer's environment, whether it's in the IDE or in the DevOps Platform upon pull request opening. A solution like Sonar provides feedback where developers work so that they don't have to switch contexts.
- The right time means instant feedback. In the IDE, by highlighting code issues on the fly as you're writing code; in the DevOps Platform, by decorating pull requests in seconds.
More than just providing feedback on pull requests, a Clean Code solution like Sonar provides full visibility of the evolution of the quality of a project, with key metrics for your team to review. But it does way more than that. In the next section, we’re going to explore how it helps development teams enforce Clean Code practices and deliver code that adheres to high coding standards.
How to enforce Clean Code practices within your team?
If when you think about a Clean Code solution, you instantly imagine yourself drowning in an ocean of code alerts and issues to fix, then read on. The time for long, painful hardening sprints focused solely on technical debt is over. A tool like SonarCloud isn't just a way to systematically detect and report issues; it also implements a killer built-in methodology that will change how your team cleans code and thinks about it. Introducing Clean as You Code!
Instead of dedicating weeks - even months in some cases, to address the poor quality of a project, the Clean as You Code methodology helps development teams do it in an incremental way. Sounds promising? By helping developers own the quality of the code they write today, the Clean as You Code methodology helps ensure that no critical issue gets added to the code base. Moreover, in the process of writing new code, a developer will most likely touch old code that will get analyzed and cleaned, so the overall quality of the code base will progressively improve after every commit. Every year, about 20% of the code base gets changed.
The Clean as You Code methodology relies on two core principles:
- Set up a quality gate on new code (see next section). Then, every pull request gets analyzed and receives a quality gate status that informs the developer of the quality of this new code. If it's green, it means you can merge. If it's red, you must fix the critical issues first.
- Don't merge unless the quality gate is green. This way, you ensure no developer in your team will add any critical issues to the code base.
More than a methodology, Clean as You Code really is a practice your team should adopt. Once the decision is made and relayed to the team to strictly respect the two core principles of the methodology, your team will be on the right path to success with Clean Code. Clean as You Code empowers your teammates to own the quality of their code. By using SonarCloud every day, they will merge code that's clean and the quality of the code base will progressively improve. By following the Clean as You Code practice, it will get easier to work with your code, faster to implement new features, so productivity will improve and the morale of your team will be positively impacted in parallel.
How to align the team on coding standards?
Adding a Clean Code solution to your development workflow represents an opportunity for a development team to align on coding standards. Most of the time, without such a solution, developers will apply the fruits of their extensive knowledge to their code, which relies on many factors, such as their level of experience with the language. When your team starts using SonarCloud, questions arise when issues are uncovered, and discussions about coding standards start to happen naturally. It's a healthy process for every team that leads to defining your own standards. Sometimes, that also means adjusting the quality gate or the quality profile.
Configuring your Quality Gate
The quality gate is key for the implementation of the Clean as You Code methodology. It's a set of conditions for your code to meet. Otherwise, your CI/CD pipeline automatically fails. By default, every SonarCloud organization comes with the built-in Sonar way quality gate and is assigned to all new projects. The Sonar way quality gate places a minimum requirement of an A rating on Reliability, Security, and Maintainability, a minimum requirement of 50% coverage, and a maximum of 3% duplicated lines of code. This is applied to new code only. There are no conditions on the overall code. This quality gate represents our view of the best way to implement the Clean as You Code methodology. The quality gate can be entirely customized. Your team can decide to add, remove or adjust any of the conditions (including adding some on the overall code). We recommend modifying your quality gate carefully considering how fundamental it is for the Clean as You Code methodology. For more information about how to set your own Quality Gate, please visit our documentation page on Managing Quality Gates.
Configuring your Quality Profile
Quality profiles are a key part of the SonarCloud configuration. They define the set of rules to be applied during our code analysis. They rely on thousands of coding rules. Same as with the quality gate, by default, every organization comes with one quality profile for each programming language that SonarCloud supports. This built-in profile is also set as the default that will be used in all new projects. But you can create a new quality profile for a given language. For more information about how to set your own Quality Profile, please visit our documentation page on Managing Quality Profiles.
SonarCloud analysis can also be extended through the web API.
What are you waiting for? Onboard your team to SonarCloud now!
In the end, SonarCloud will unite your team around the goal of delivering clean code. By leveraging the Clean as You Code methodology, developers will own the quality of their code and stay focused on building new features rather than on de-bugging old ones. Each member of your team will take pride in the quality of their code, and the team as a whole will deliver quality releases.
Are you ready to onboard your team? It's pretty simple. Sign-up here. For GitHub users, upon organization import, the members and permissions will automatically be synchronized with SonarCloud. So when an organization member connects to SonarCloud for the first time, they will be automatically added to the SonarCloud organization. For the three other supported DevOps Platforms, your teammates will first have to create a SonarCloud account before you can manually add them to your SonarCloud organization. For more information on how to proceed, visit our documentation page on Managing members.
If you have any questions or if you encounter a problem, please go to our Community Forum. We'll be more than happy to get you and your team up and running.
Pick a topic to discover more