Reducing Technical Debt with SonarQube and Visual Studio
Olivier Gaudin, of SonarSource, and Stuart Kent of Microsoft, were on hand at Build this week to discuss the benefits of using SonarQube and how it easier for .NET developers to do so. Kent began their talk describing the cumulative burden of technical debt. As a development progresses over the life of a project, technical debt first merely distracts from the implementing new work, but as time progresses it the development team will usually find all of its time consumed by dealing with technical debt.
Gaudin took the stage to discuss how to measure code quality and technical debt. Informally calls this the number of expletives per minute when examining a code base. He describes how Technical debt is caused by the 7 deadly sins of the developer:
- Bad distribution of complexity
- Spaghetti Design
- Lack of unit tests
- No coding standards
- Potential bugs
- Not enough or too many comments or incorrect comments [Unit tests will not pick up on this type of bug.]
Gaudin observes that it is hard to go back and implement strategies to mitigate technical debt after a project is underway. Typically the team will consider it too hard, there can be lack of ownership (between QA and dev, who owns the quality), heterogeneous requirements, and any quality gates. To "Change the Game", Gaudin proposes that:
- Development team owns quality
- Shorter feedback loop
- Unified quality gate
- Cost is non-significant
- This is fun!
To aid in accomplishing this, the feedback loop should be short with immediate feedback to the development team. For existing software, the important thing is to stop making the problem worse-- focus on improving new code being written before addressing the legacy code base.
SonarQube provides a developer dashboard of the code base it is used on providing several useful metrics. Example dashboard widgets include lines of code and code coverage for projects under monitoring. Other include unit test coverage and the pass percentage for those unit tests. It is also able to measure code coverage for newly written code separately from the code base as a whole, allowing teams to ensure they are not making things worse as they write code.
SonarQube received feedback that while the tool was great for Java projects, it does not follow the C# mindset. So SonarQube contacted Microsoft for assistance in finding some quality C# developers. Kent observes that code quality data can be useful, but by default it can be overwhelming due to all of the metrics available (code analysis issues, clones, code metrics, etc). Suggests building a quality profile to filter what is shown, establish a baseline, set quality gates, and establish a remediation policy. The result is a refined list of issues to focus on that avoids, or least, reduces, the sense of being overwhelemd with too much work.
While work remains, this new integration is ready to use now on TFS2013 for interested developers. For additional details, consult the Stuart Kent’s companion article on integrating MSBuild and Team Build with Sonar Cube.