Have you had any success using static code analysis (static source code analysis) to identify technical debt in your code base? What was the source of the tech debt?

CTO in Healthcare and Biotech, 4 months ago
Yes, three examples from easy to hard (from a prior experience):
1. security - use something like the GitHub vulnerability scanning - it will identify libraries with known CVEs. We had the option to block a merge request based on findings; we also used BlackDuck, Snyk, Codacy or others.
2. quality - test coverage tools - we would block a merge request if unit test coverage fell below the current coverage bar - we would also enforce local coding standards.
3. system complexity analysis - this was done with help from external consultants that reviewed the entirety of our source and created a map of system complexity and where we had anti-patterns that needed to be addressed.
CTO, 3 months ago
We use SonarQube for static analysis and have implemented a clean-as-you-go approach to technical debt, especially for legacy projects. This approach has been invaluable in gradually improving code quality without overwhelming the team with massive refactoring tasks. By integrating SonarQube into our CI/CD pipeline, we've ensured that new code adheres to high standards while incrementally addressing issues in the existing codebase.

This constant feedback on PRs also serves as a way to educate our team on coding best practices, preventing the accumulation of technical debt in the first place.

I'd also like to reiterate the importance of security, complexity analysis, and enforcement mentioned by others in this thread.
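
The merge gating both answers describe (block on new findings or on coverage falling below the current bar, while legacy debt is tolerated under a clean-as-you-go policy), as an added example that is not from either poster or from any tool they name. The `Finding` record, rule ids, file paths and sample data are constructed assumptions, not a real scanner's output format.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str     # analyzer rule id (constructed, not a real tool's id)
    path: str
    snippet: str  # text of the flagged line

    def key(self):
        # No line number: edits that shift code must not make legacy debt look new.
        return (self.rule, self.path, " ".join(self.snippet.split()))


def new_findings(baseline, current):
    legacy = Counter(f.key() for f in baseline)
    fresh = []
    for f in current:
        if legacy[f.key()] > 0:
            legacy[f.key()] -= 1  # matched existing debt, not blocking
        else:
            fresh.append(f)       # introduced by this merge request
    return fresh


def evaluate_gate(baseline, current, coverage_bar, coverage):
    """Return (passed, reasons, next_bar) for one merge request."""
    reasons = [f"new {f.rule} in {f.path}" for f in new_findings(baseline, current)]
    if coverage < coverage_bar:
        reasons.append(f"coverage {coverage:.1f}% is below the bar {coverage_bar:.1f}%")
    passed = not reasons
    # Ratchet: a passing merge can raise the bar, nothing lowers it.
    next_bar = max(coverage_bar, coverage) if passed else coverage_bar
    return passed, reasons, next_bar


# Constructed sample data: target-branch findings and two merge requests.
BASELINE = [
    Finding("sql-string-concat", "billing/report.py", 'q = "SELECT * FROM t WHERE id=" + uid'),
    Finding("vulnerable-dependency", "requirements.txt", "examplelib==1.0  # ADVISORY-PLACEHOLDER"),
]
MR_CLEANUP = [BASELINE[1]]  # fixed the legacy SQL finding, added nothing
MR_REGRESSION = BASELINE + [
    Finding("hardcoded-secret", "billing/client.py", 'API_KEY = "constructed-value"'),
]

if __name__ == "__main__":
    print(evaluate_gate(BASELINE, MR_REGRESSION, 71.0, 70.2))
```

Persisting `next_bar` and the target branch's findings after each merge is what keeps the existing debt from growing while it is paid down incrementally.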