DACI Decision

Status: Not started
Impact: This decision affects the quality of the application code developed and deployed by the Lab Booster team, which can in turn affect the security of the application, its performance, and the end-user experience.
Driver: KRONTIRAS-ext, Pavlos
Approver: KRONTIRAS-ext, Pavlos
Contributors:
Informed:
Due date:
Outcome:



Tips and info

Contributors: I am seeking the right people to get involved in the decision. Add your comments to this page, let's get the conversation started.

Please add:

  • The people directly impacted by this so we can include them.
  • Any references to previous work and investigations that we can leverage.
  • Any constraints and challenges we need to consider to make this decision and following action plan.


Impact rating

How do I determine the "impact" rating of a decision?

Here's an example you can use as a guide.

Decision characteristics and impact rating

  • The decision will have a material impact on the customer experience OR
  • will significantly impact the roadmap OR
  • will adversely disrupt an internal business process.

Impact: High

  • The decision will involve a less than material change to customer experience OR
  • will impact the roadmap OR
  • will impact an existing internal business process

Impact: Medium

  • All other decisions

Impact: Low





Background

The code of the DataLab application may include inefficiencies, error-prone code, or coding errors (bugs). Code quality tools evaluate the code and can raise alerts for performance risks, inefficiencies, logical errors, unnecessary code, etc., and suggest corrective actions that will improve its quality.

Current state

No standardized code quality tools are used.

Data for decision support

Using code quality tools can reduce development time by up to 20% (https://medium.com/@ISHIRInc/top-7-code-quality-tools-you-cant-miss-in-2025-for-cleaner-safer-code-1ec1edde4e72).


Options considered

 


  • Option 1: Do nothing
  • Option 2: SonarQube
  • Option 3: Qodana
  • Option 4: Crucible

Description



https://www.sonarsource.com/products/sonarqube/

https://www.jetbrains.com/qodana/

https://www.atlassian.com/software/crucible

Rollout plan





Pros and cons

(plus) No change, BAU

(minus) Code quality remains questionable

(minus) Vulnerabilities, inefficient code, potential bugs etc., can continue to be added to the application

(minus) Additional effort spent on debugging problems that might have otherwise been caught during the build/scanning of the code

(plus) Support for multiple programming languages

(plus) Integration with popular CI/CD tools

(plus) Ease of use & deployment

(plus) Detailed reports

(plus) Plugin can scan code in real time during development

(plus) Customizable rules

(plus) Comprehensive service with code quality + security analysis

(minus) Can be difficult to integrate

(minus) UI is not very user-friendly

(minus) Only static analysis

(minus) Learning curve can be steep

(minus) Can be resource intensive for scans of large projects

(plus) Supports multiple languages, including JavaScript, TypeScript, and Python

(plus) Based on 20+ years of data & feedback from users

(plus) 2,500+ inspection checks

(plus) Identifies issues + suggests fixes
(plus) Identifies vulnerabilities from dependencies and imports
(plus) Integrates with CI/CD pipeline tools (including GitLab) to enforce quality gates, i.e. build fails if quality standards not met
(plus) Low cost
(plus) Can be self-hosted (i.e. more secure)
(plus) Unlimited lines of code analyzed
(plus) Integration with IntelliJ IDEA and MS Visual Studio Code

Risks





Estimated cost and effort



Limited functionality for free

Developer license $160/year

https://www.sonarsource.com/plans-and-pricing/

Starts at €5/month/user (min 3 users)

  • €15/month or €180/year

https://www.jetbrains.com/qodana/buy/?billing=yearly


FAQ

Q1.

A1.



Follow-up action items

  •