Static Code Analysis Tools

Ancalagon

Do you guys use any static code analysis tools? If you do, what do you use, what do you use it for, and what is your opinion of it?

We use detekt as part of our GitHub PR gates. Detekt runs on the entire branch and makes sure you haven't introduced any new technical debt.

I have mixed feelings about it. I can see the point of it, especially for large codebases, but... it's like it takes away some of the magic and creativity. Maybe I'm just stubborn.

Also... the industrial engineer in me is wondering whether this really serves the goals of the organisation. What I mean is, our goal is to make money. Does a tool like this get us better at making money, or will it lead to unanticipated side effects that lower productivity and hence push us further away from making money?
 
They help, but I'll admit our code is not great in a lot of areas. It could have been written earlier.

Despite that, I feel like code reviews (prior to introducing detekt) were thorough. The worst issues would have been spotted. I guess the problem is that everyone has a different opinion about what it should look like. So, some people would complain about certain issues and not others.
 
Is it really a one or the other type of thing? Static code analysis is really good at detecting general smells etc but I cannot imagine it completely replacing code reviews. I think the magic lies in using the static tools to pick up the obvious easy errors to reduce the time the team spends on code reviews but never as a complete replacement.

"Let machines do what they do best and that is the repeatable easy stuff and use humans to do the creative work." In this case static tools to point out smells like cyclomatic complexity, method size and other issues with coding standards etc and let people review the functionality where all the creative stuff lies.
 
We haven't replaced code reviews - they are used in addition to them.
 
Then consider it this way. To answer your question about making money: enough studies have linked the performance of high-performing organisations (organisations that react to changes to the business environment and what their clients want and need) to the organisation's ability to make changes to their code base to add features and fix defects in shorter times.

Tools like Detekt (which I haven't used, we use SonarQube) are just one of many ways companies can improve the time in between releases by reducing the amount of time required by a developer to look for bad code that could be picked up by a computer. Code linter tools specifically are (and should be) configured to detect as many as possible of the bad coding habits developers have that decrease the maintainability of code and end up costing companies a lot more in the long run. Penny-wise and pound-foolish...
 