Most development organizations of a significant size have some form of coding standards and best practices. Simply documenting these standards and keeping them up to date can be a significant challenge and enforcing them even harder. In this latest InfoQ article, Mark Figley, who leads the architecture group at AIG United Guaranty, writes about about how his organization has found that enforcing coding standards and best practices in an automated fashion through their build process has been highly effective.
Read Implementing Automated Governance for Coding Standards.
In the article Mark talks about how they evolved to use a server-based build process where various tools scan code for possible problems, as well as best practices for implementing an automated code governance strategy.
What tools/processes are you using for managing your coding standards?
InfoQ Homepage News Article: Implementing Automated Governance for Coding Standards
Article: Implementing Automated Governance for Coding Standards
-
Related Sponsored Content
-
Related Sponsor
/filters:no_upscale()/sponsorship/topic/c1372aee-0449-48ce-bab0-1b645fe8025e/QConLonndonLogoRSB-1667564544484.png)
/articles/moldable-development/en/smallimage/logo-1663947983331.jpg){kind=logo}
/presentations/code-analyzer-technical-debt/en/smallimage/Jordan-Bragg-s-1662617895716.jpg)
/articles/twitter-staging-environment/en/smallimage/logo-1675028662311.jpg){kind=logo}
/articles/metrics-quality-software/en/smallimage/finding-adequate-metrics-for-process-quality-in-software-development-small-1673953064694.jpg)
/articles/co-creation-patterns-software-development/en/smallimage/logo-1667590759022.jpg){kind=logo}
/articles/devops-enable-quality-speed/en/smallimage/evolving-DevOps-to-enable-quality-at-speed-software-small-1666600213574.jpg)
/minibooks/2022-infoq-trends-reports/en/smallimage/LOGO-1672051527011.jpg){kind=logo}
/presentations/jfr-observability/en/smallimage/Ben Evans-s-1675024642432.jpg)
/articles/team-level-metrics-matter/en/smallimage/LOGO-1673637433912.jpg){kind=logo}
/articles/enterprise-github-actions/en/smallimage/lessons-learned-from-enterprise-usage-github-actions-small-1672998170003.jpg)
/articles/blue-green-deployments/en/smallimage/blue-green-deployment-from-the-trenches-small-1672220965411.jpg)
/articles/secure-kafka-cluster-strimzi/en/smallimage/securing-a-kafka-cluster-in-kubernetes-using-strimzi-small-1671647644310.jpg)
/articles/pipeline-quality-gates/en/smallimage/importance-of-pipeline-quality-gates-and-how-to-implement-them-small-1671622799937.jpg)
/articles/graalvm-java-compilers-openjdk/en/smallimage/small-image-jdk-2023-1671096273181.jpg)
/articles/java-jvm-trends-2022/en/smallimage/InfoQ-Trends-Report-small-1670863712433.jpeg)
/presentations/java-shared-memory-files/en/smallimage/peter-lawrey-s-1669107216422.jpg)
/articles/josh-long-spring-6/en/smallimage/logo-1669141674434.jpg){kind=logo}
/presentations/devops-java-devs/en/smallimage/Ix-chel Ruiz-s-1669107288266.jpg)
/presentations/java-upgrade-path/en/smallimage/Andrzej Grzesik-s-1667476313077.jpg)
/articles/build-deploy-scalable-golang-api/en/smallimage/logo-1667248748960.jpg){kind=logo}
/articles/integrating-dast-ci-cd/en/smallimage/logo-1666174011486.jpg){kind=logo}
/presentations/log4shell-security/en/smallimage/Simon-maple-s-1665986617483.jpg)
/presentations/loom-java-concurrency/en/smallimage/Tomasz Nurkiewicz-s-1665739004716.jpg)
Community comments
Who is not doing it?
by Vikas Hazrati,
Re: Who is not doing it?
by Andrew Perepelytsya,
Re: Who is not doing it?
by Mark Figley,
Re: Who is not doing it?
by Vikas Hazrati,
Re: Who is not doing it?
by Kalyan C,
Who is not doing it?
by Vikas Hazrati,
Your message is awaiting moderation. Thank you for participating in the discussion.
Interesting article but most of the thoughts and ideas seem to be ages old. However, I don't know of any serious software companies, departments who are not using continuous integration and developers checking in code using FTP (huh?).
Re: Who is not doing it?
by Andrew Perepelytsya,
Your message is awaiting moderation. Thank you for participating in the discussion.
In AIG world it's absolutely possible, so from Mark's standpoint it fully applies and is current. Leading a focused and agile team (or multiple teams) is very different than an architecture group at a monster, which AIG is. But I agree, nothing new in the article technique-wise. The political effort of putting this process in AIG, that would be a real insight :)
Re: Who is not doing it?
by Mark Figley,
Your message is awaiting moderation. Thank you for participating in the discussion.
Vikas,
I completely agree that the strategies of utilizing source control and a centralized build process are in fact ages old. I am not sure I agree with you on how broadly those best practices are implemented, but they are definitely not new ideas. The only reason that I talk about locked down environments and centralized build concepts in the article is because they are required precursors for the automated software audit strategy (which is the focus of the article) to work, and in my experience you cannot take for granted that those best practices are already in place.
So I understand your thoughts on the relevancy of FTP check-ins, but I wonder if all of those same organizations you referenced have implemented their organization's coding standards as an automated software audit infrastructure that scans every class during every build for code that does not follow the standards? And I am not talking about executing a batch of unit tests as part of a build. I am talking about pattern rules broadly applied over the entire codebase. In my experience organizations having that infrastructure in place is more rare, and that is the value that I was hoping to provide with this article. Does that make any sense?
- Mark
Re: Who is not doing it?
by Vikas Hazrati,
Your message is awaiting moderation. Thank you for participating in the discussion.
Mark,
Well, the organizations that I am talking about have checkstyle and PMD mapped to their build process, hence they do check it with every build. Finally a report is generated on the Maven dashboard with the number of violations for the team to work on.
Vikas Hazrati
Re: Who is not doing it?
by Kalyan C,
Your message is awaiting moderation. Thank you for participating in the discussion.
perfect! even we have integrated PMD into our IDEs n running them right from the start of development phase... so need for any centralized approach here.