:
Skip Navigation
Resources Blog What is code quality? 5 software checks to consider

What is code quality? 5 software checks to consider

Product development is a delicate balancing act of delivering new features and investing in architecture and technology, all while trying to focus on building the right product.

Have you ever experienced one of these scenarios?

  • It takes longer and longer to implement new features

  • Confidence that the product will perform as expected decreases

  • Onboarding new developers seems to take more and more time

These can be signs that a project could benefit from more of a focus on code quality.

What is code quality?

Code quality is the set of requirements that are common to all software projects. Properties like readability, maintainability, modularity, performance, and security are all important aspects of software, whether in a social media app or financial clearing house software.

Automatable code quality

Many factors play into code quality: architecture, API design, coding style, library choice, and following coding best practices are just a few examples. While some of these like architecture and design require human insight, others can be automated using code analysis tooling. Tooling for code analysis can be a great way to ensure uniform standards and incorporate analysis tools into the development process and is an easy first step down the road of prioritizing quality.

Here are five of the code quality factors that can be checked automatically:

Readability

In development, it is estimated that "the ratio of time spent reading versus writing is well over 10 to 1," according to Robert C. Martin in Clean Code: A Handbook of Agile Software Craftsmanship. This makes readability of code a critical aspect of development productivity. Some aspects of readability, like variable naming, are very situational and even subjective. But others can be automated. Here are some examples of easy-to-automate checks that enhance readability and code quality:

Performance

While profiling and stress testing a system are required to fully understand application performance, there are performance anti-patterns that can be detected using static code analysis. Examples:

Reliability

For system-scale reliability tests, site reliability engineering has emerged as a useful practice. However many reliability issues within individual components can be detected with static code analysis techniques. Some examples:

Security

Red teaming and bug bounty programs can help improve code quality and find vulnerabilities in deployed systems, but security starts with the code and automated static scanning can detect many types of security weaknesses, including the following:

Dependency management

Open source dependencies make up 90% of software applications, on average, developed by third parties as part of the software supply chain. This means most of the performance, reliability, security, and other quality attributes of your application are inherited from these third-party dependencies. Because of this, it's critical to carefully consider what libraries you utilize and to monitor your application's dependencies for security issues and to ensure code quality is up to par.

Software composition analysis (SCA) is the general term for technology that can extract a full list of dependencies – a software bill of materials (SBOM) – and check to see if there are known issues with any of these components. SCA tooling can help detect:

Get started with code analysis tools

Code quality analysis tools include Infer, ErrorProne, and FindSecBugs – all open source tools that can scan Java code for the issue types mentioned above. These can be incorporated into build systems, IDEs, or CI pipelines to provide automated protection.

Picture of Stephen Magill

Written by Stephen Magill

Stephen Magill is Vice President of Product Innovation at Sonatype. He’s the former CEO of MuseDev, a software company acquired by Sonatype, and is dedicated to helping developers write their best code through code quality automation.Stephen is a world-recognized expert on program analysis and was previously a principal scientist at Galois. Among his other accomplishments, he earned his Ph.D and M.S in CS from Carnegie Melon and serves on the University of Tulsa Industry Advisory Board.