Article: Implementing Automated Governance for Coding Standards

Posted by Floyd Marinescu on Jul 26, 2007

Sections

Operations & Infrastructure,

Process & Practices,

Architecture & Design,

Development

Topics

Delivering Quality ,

Java ,

Quality ,

Code Analysis ,

Continuous Integration ,

Languages ,

Debugging ,

Software Craftsmanship ,

Profilers ,

Agile Techniques ,

Build systems ,

Agile ,

Architecture ,

Programming ,

Ant ,

Parasoft JTest

Most development organizations of a significant size have some form of coding standards and best practices. Simply documenting these standards and keeping them up to date can be a significant challenge and enforcing them even harder.  In this latest InfoQ article, Mark Figley, who leads the architecture group at AIG United Guaranty, writes about about how his organization has found that enforcing coding standards and best practices in an automated fashion through their build process has been highly effective.

Read  Implementing Automated Governance for Coding Standards.

In the article Mark talks about how they evolved to use a server-based build process where various tools scan code for possible problems, as well as best practices for implementing an automated code governance strategy.

What tools/processes are you using for managing your coding standards?

1. Back to top

   Who is not doing it?

   by Vikas Hazrati

   Interesting article but most of the thoughts and ideas seem to be ages old. However, I don't know of any serious software companies, departments who are not using continuous integration and developers checking in code using FTP (huh?).

   Reply

2. Back to top

   Re: Who is not doing it?

   by Andrew Perepelytsya

   In AIG world it's absolutely possible, so from Mark's standpoint it fully applies and is current. Leading a focused and agile team (or multiple teams) is very different than an architecture group at a monster, which AIG is. But I agree, nothing new in the article technique-wise. The political effort of putting this process in AIG, that would be a real insight :)

   Reply

3. Back to top

   Re: Who is not doing it?

   by Mark Figley

   Vikas,
   
   I completely agree that the strategies of utilizing source control and a centralized build process are in fact ages old. I am not sure I agree with you on how broadly those best practices are implemented, but they are definitely not new ideas. The only reason that I talk about locked down environments and centralized build concepts in the article is because they are required precursors for the automated software audit strategy (which is the focus of the article) to work, and in my experience you cannot take for granted that those best practices are already in place.
   
   So I understand your thoughts on the relevancy of FTP check-ins, but I wonder if all of those same organizations you referenced have implemented their organization's coding standards as an automated software audit infrastructure that scans every class during every build for code that does not follow the standards? And I am not talking about executing a batch of unit tests as part of a build. I am talking about pattern rules broadly applied over the entire codebase. In my experience organizations having that infrastructure in place is more rare, and that is the value that I was hoping to provide with this article. Does that make any sense?
   
   - Mark

   Reply

4. Back to top

   Re: Who is not doing it?

   by Vikas Hazrati

   Mark,
   
   Well, the organizations that I am talking about have checkstyle and PMD mapped to their build process, hence they do check it with every build. Finally a report is generated on the Maven dashboard with the number of violations for the team to work on.
   
   Vikas Hazrati

   Reply

5. Back to top

   Re: Who is not doing it?

   by Kalyan C

   perfect! even we have integrated PMD into our IDEs n running them right from the start of development phase... so need for any centralized approach here.

   Reply