Code Quality

SonarQube hell yes! SonarLint no thanks

I have spent a couple of weeks evaluating SonarQube 6.2 for my organisation. We are fully on .NET with hundreds of ASP.NET MVC, WCF, Web API and Windows Service applications and a few million lines of code. We have a legacy of 10 years of code. During those years we have made migrations to newer versions of the .NET framework, different source control systems, different message queues and different architectures. Migrations to new technologies can be expensive with that much code, and bad decisions can be costly to undo and when you realise you have a bad decision after you have finished integrating it into everything it becomes a nightmare.

So, taking that into account, I spent quite some time looking into SonarQube. For me personally, if it isn't a hell yes, then it's not the right thing.

SonarQube is a code quality platform, that integrates with various build systems and can analyse a bunch of languages. If you have multiple languages in your codebase, multiple build systems then the chances are that SonarQube can handle it.

Breaking your own code and designs

Most developers start out their career with an aversion to knowing the failure modes of the software that they write. They treat the software that they write as their baby, and don't like to see it get hurt. This isn't necessarily a conscious decision but more a subconscious mind-set. So when I am coaching a junior, one of the things I concentrate on is breaking them out of this mind-set.

Code analysis rules versus training and coaching

I have an ongoing and friendly disagreement with colleagues over the value of code analysis rules and training. I focus part of my time on training and coaching as I feel that this is a great investment both in people and also in the quality of the software that is developed. The argument of my colleagues is that training needs to be repeated over and over again in order to cover the large developer base and as new people arrive. Also you can do a training session with a development team but that doesn't stop them from committing bad code.