software quality architecture and code audit

Software Quality Architecture and Code Audit Vikas Hazrati

Upload: xebia-it-architects

Post on 12-Nov-2014


DESCRIPTION

Vikas Hazrati has shared his experience on why anyone would need software quality audit.

TRANSCRIPT

Page 1: Software Quality Architecture And Code Audit

Software Quality

Architecture and Code Audit

Vikas Hazrati


Agenda

I. What is software quality?

II. Why Do I Need A Software Quality Audit?

III. Benefits

IV. Approach

V. What do we audit for?

VI. Sample Tools

VII. Common Findings

VIII. Sample reports?

IX. Prerequisites


What is Software Quality?


Why Software Quality Audit

Architecture and JEE not core line of business


Why Software Quality Audit

Measuring quality of outsourced development


Why Software Quality Audit

Neutral Analysis of the architecture and code


Why Software Quality Audit

Validating vendor contractual obligations related to quality


= Software Quality Audit


Benefits


Benefits

• Planning for improvements (Given this body of code/development)
• Process (What should we improve first?)
• Uncertainty reduction (Is this what we asked for?)
• Risk containment (What are the risks associated with this code/technology/development process, what are the early warning signs that will show the risk is becoming reality and what should we do now to
• Tackling Risk (Reduce risks now or later?)
• TCO of the system
• Do we have sufficient grounds to sue this contractor?


Approach


What do we audit for?


How?

Use of appropriate tools to narrow down on the right findings


Sample List of Tools

Architecture Quality: Structure101, ArchitecturalRules, JDepend

Code Quality: Checkstyle, FindBugs, PMD, Hammurapi, Soot, Squale, Sonar, CAP, Metrics etc.


Common Findings

• Insufficient test code
• Build process is not automated
• Complex architecture
• No automatic quality control
• Big up-front design in a changing world
• Strict separation between customer and contractor
• Inappropriate design abstraction


Common Findings

• Duplicate class names in different parts of the source tree

• 80% junk: code that does nothing but translate, adds no business value

• No test code


Sample Reports


Sample Executive Summary

SystemX Audit Requirement

Xebia established the quality of code and documentation of SystemX. Key research questions were:

- Assess the quality of code and documentation based on industry standards.

- Advise on how to improve code and quality documentation.

- Assess maintainability and ease of installation during maintenance.


Sample Executive Report

SystemX findings

- Quality can be improved by increasing the coverage of automated tests and decreasing code complexity.

- Lack of test code has a strong negative influence on maintainability.

- Metrics show that code complexity is high, making the code hard to understand and test.

- Reliability is adequate due to the large set of functional tests.

- Installability and portability of SystemX is adequate.


Before Starting


Prerequisites

• Sponsorship from senior management

• Clear expectations

• Access to the project team’s project documentation, project charter, the system requirements and the overall system design.

• Access to the development and deployment environment.

• Access to key individuals and project team members for information and interviews.
