Code Quality is a problem that appeared when software was invented.
Poor code quality causes a variety of issues: low team velocity, application decommissioning, crashes in production, bad company reputation…
At SonarSource we provide the solution to improve Maintainability, Reliability and Security.
This is commonly referred to as technical debt. Issues associated with maintainability are named “code smells” in our products.
By nature, software is expected to change over time, which means that code written today will be updated tomorrow. The ability, cost and time to make such changes in a code base correlates directly to its level of maintainability. In other words, low maintainability means low velocity for development teams.
Maintainability includes many concepts such as modularity, understandability, changeability, testability and reusability. It does not take the form of critical issues, but is rather the result of thousands of minor issues with best practices.
This is commonly referred to as potential bugs or as code that will not have the expected behavior at runtime.
This category of issues groups everything that has to do with operational risks or unexpected behavior at runtime. It generally takes the form of critical programming errors that could cause a business disruption.
Some of these issues will lie in a simple lack of compliance with best practices, but most will be detected by deep analysis of the code and symbolic execution of the code to understand the state of variables at any given point in the program.
This is commonly referred to as vulnerabilities or flaws in programs that can lead to use of the application in a different way than it was designed for.
This category of issues groups everything that has to do with a program having flaws that can be exploited to make it behave differently from what it was designed for. Security vulnerabilities such as SQL injection or cross-site scripting can result from poor coding and architectural practices. These issues are well documented in lists maintained by CWE and CERT