DACI Decision

Status: NOT STARTED
Impact: This decision affects the quality of the application code developed and deployed by the Lab Booster team, which can in turn affect the security of the application, its performance, and the end-user experience.
Driver: KRONTIRAS-ext, Pavlos
Approver: KRONTIRAS-ext, Pavlos
Contributors:
Informed:
Due date:
Outcome:

Tips and info

Recommendations

Contributors

Contributors: I am seeking the right people to get involved in the decision. Add your comments to this page, let's get the conversation started.

Please add:

  • The people directly impacted by this so we can include them.
  • Any references to previous work and investigations that we can leverage.
  • Any constraints and challenges we need to consider to make this decision and following action plan.

Impact rating

Here's an example you can use as a guide.

Decision characteristics, by impact rating:

HIGH

  • The decision will have a material impact on the customer experience OR
  • will significantly impact the roadmap OR
  • will adversely disrupt an internal business process.

MEDIUM

  • The decision will involve a less than material change to customer experience OR
  • will impact the roadmap OR
  • will impact an existing internal business process

LOW

  • All other decisions


Background

The code of the DataLab application may include inefficiencies, error-prone code, or coding errors (bugs). Code quality tools evaluate the quality of the code and can raise alerts for performance risks, inefficiencies, logical errors, unnecessary code, etc., and suggest corrective actions that will improve the quality of the code.

Current state

No standardized code quality tools are used.

Data for decision support

Using code quality tools can reduce development time by up to 20% (https://medium.com/@ISHIRInc/top-7-code-quality-tools-you-cant-miss-in-2025-for-cleaner-safer-code-1ec1edde4e72).


Options considered

 


Option 1: Do nothing | Option 2: SonarQube | Option 3: Qodana

Description

SonarQube (Option 2): https://www.sonarsource.com/products/sonarqube/

Qodana (Option 3): https://www.jetbrains.com/qodana/

Rollout plan





Pros and cons

Do nothing (Option 1):

(plus) No change, BAU

(minus) Code quality remains questionable

(minus) Vulnerabilities, inefficient code, potential bugs, etc., can continue to be added to the application

(minus) Additional effort spent on debugging problems that might otherwise have been caught during the build/scanning of the code

SonarQube (Option 2):

(plus) Support for multiple programming languages

(plus) Integration with popular CI/CD tools

(plus) Ease of use & deployment

(plus) Detailed reports

(plus) Plugin can scan code in real time during development

(plus) Customizable rules

(plus) Comprehensive service with code quality + security analysis

(minus) Can be difficult to integrate

(minus) UI is not very user-friendly

(minus) Only static analysis

(minus) Learning curve can be steep

(minus) Can be resource intensive for scans of large projects

Qodana (Option 3):

(plus) Supports multiple languages, including JavaScript, TypeScript, and Python

(plus) Based on 20+ years of data & feedback from users

(plus) 2,500+ inspection checks

(plus) Identifies issues + suggests fixes

(plus) Identifies vulnerabilities from dependencies and imports

(plus) Integrates with CI/CD pipeline tools (including GitLab) to enforce quality gates, i.e. the build fails if quality standards are not met

(plus) Low cost

(plus) Can be self-hosted (i.e. more secure)

(plus) Unlimited lines of code analyzed

(plus) Integration with IntelliJ IDEA and MS Visual Studio Code

(minus)

(minus)

(minus)

Risks





Estimated cost and effort



SonarQube (Option 2):

Limited functionality for free

Developer license $160/year

https://www.sonarsource.com/plans-and-pricing/

Qodana (Option 3):

Starts at €5/month/user (min 3 users)

  • €15/month or €180/year

https://www.jetbrains.com/qodana/buy/?billing=yearly

FAQ

Q1.

A1.



Follow-up action items

  •