
Code health checks: taking the guesswork out of quality code

By Daniel Gill, Enterprise Principal

This flu season, is your application code sick too?

Have you ever experienced frustrating performance problems or challenging security vulnerabilities when using a product or service? Unhealthy software code might be to blame. Unhealthy code can lead to myriad issues for businesses, like performance problems, security vulnerabilities, and costly downtime. And when code is unhealthy, it’s harder to maintain and update, which means slower development times and higher costs. Unhealthy code is also more prone to errors and bugs, which can be a huge problem for users and damage a company’s reputation. And finally, unhealthy code makes it harder to integrate new features or technologies, which can hold a business back from innovating and staying competitive. Unhealthy code can seriously impact your efficiency, productivity, and bottom line. To use just a few recent examples:

  • In 2020, the Tesla Model S and Model X electric vehicles experienced problems with their infotainment systems due to unhealthy code. The code caused the system to crash and freeze, resulting in customer complaints and a potential safety hazard.
  • In 2021, a software bug caused by unhealthy code led to the shutdown of a nuclear power plant in Germany. The bug caused the plant’s emergency shutdown system to activate, leading to the temporary shutdown of the plant.
  • As recently as last month, outdated code in Southwest Airlines’ scheduling system caused the airline’s flight scheduling system to crash, resulting in significant disruptions and delays for passengers.

While we may only see these large-scale examples in the news, unhealthy code is causing problems for smaller teams, products, and organizations every day too. After seeing unhealthy code cause some massive problems for client teams, I developed a code health analyzer tool to help teams identify the root causes of their code’s worst symptoms, prioritize them for fixing, and improve the overall health of the code.

The origin of the code health analyzer

I inherited a code base with over 100,000 lines of code from a product that was built as a minimum viable product, with a low budget, and cobbled together from various sources. Unfortunately, this meant that the code was unhealthy and caused a lot of build issues. Once full funding was released, we experienced delays with moving code to production, which was frustrating and costly. When we were compiling code, it felt like we were guessing at what we needed, and it took much too long. Simple things like versioning issues were making it so difficult to figure out which correct version to package, and – to make matters worse – we were constantly breaking existing functionality with new releases.

I knew that we needed to figure out what was making our code unhealthy and causing our product to break too frequently. We needed to find a way to identify and fix these issues so that we could improve the performance, reliability, and stability of our product. I had to figure out how to fix the engine of a plane flying at 500 miles per hour without landing it. And that’s where a 360-degree review of the application code, configuration, and database came in.

Conducting a code health review

I designed a tool and implemented a process that would give us a complete understanding of the health of our codebase and help us identify any issues that needed to be addressed.

The review process involved static code analysis, which used automated tools (like SonarQube) to perform a static analysis of the codebase for issues. Then, I classified those identified issues into 43 different buckets and prioritized them for fixing. We classified the issues by size, frequency, risk, and prevalence, and our team of developers committed to fixing all the issues in a certain bucket within a certain timeframe. These issues were then addressed as pointed activities during the sprint, so developers could commit to healing unhealthy code while continuing to deliver new features for users simultaneously.
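As an illustration of the triage step described above, the following added example (not the author's analyzer, and not code from the original article) groups static-analysis findings into buckets and ranks the buckets by risk, prevalence, frequency, and size. The rule keys, the bucket names, the severity weights, and the sort order are all assumptions made for the example; the records are constructed and only borrow SonarQube-style field names and severity levels.

```python
import re
from collections import defaultdict

SEVERITY_WEIGHT = {"BLOCKER": 5, "CRITICAL": 4, "MAJOR": 3, "MINOR": 2, "INFO": 1}

# Hypothetical rule-to-bucket map; the article does not list its 43 buckets.
RULE_TO_BUCKET = {
    "demo:sql-string-concat": "injection",
    "demo:hardcoded-credential": "secrets",
    "demo:null-dereference": "null-handling",
    "demo:unused-variable": "dead-code",
}

# Constructed sample findings (rule keys and file names are made up).
SAMPLE_ISSUES = [
    {"rule": "demo:sql-string-concat", "severity": "CRITICAL", "component": "app:src/OrderDao.java", "effort": "30min"},
    {"rule": "demo:sql-string-concat", "severity": "CRITICAL", "component": "app:src/UserDao.java", "effort": "30min"},
    {"rule": "demo:hardcoded-credential", "severity": "BLOCKER", "component": "app:src/Config.java", "effort": "1h"},
    {"rule": "demo:null-dereference", "severity": "MAJOR", "component": "app:src/OrderDao.java", "effort": "10min"},
    {"rule": "demo:unused-variable", "severity": "MINOR", "component": "app:src/Util.java", "effort": "5min"},
    {"rule": "demo:unused-variable", "severity": "MINOR", "component": "app:src/Util.java", "effort": "5min"},
    {"rule": "demo:unused-variable", "severity": "MINOR", "component": "app:src/Cart.java", "effort": "5min"},
    {"rule": "demo:vendor-rule", "severity": "MAJOR", "component": "app:src/Cart.java", "effort": "1h15min"},
]

def effort_minutes(text):
    """Convert an effort string such as '1h15min' to minutes (assumes an 8-hour day)."""
    units = {"d": 480, "h": 60, "min": 1}
    return sum(int(n) * units[u] for n, u in re.findall(r"(\d+)(d|h|min)", text or ""))

def summarize(issues):
    """Group findings into buckets and compute size, frequency, risk and prevalence."""
    buckets = defaultdict(lambda: {"frequency": 0, "size_min": 0, "risk": 0, "files": set()})
    for issue in issues:
        b = buckets[RULE_TO_BUCKET.get(issue["rule"], "unclassified")]  # unmapped rules stay visible
        b["frequency"] += 1
        b["size_min"] += effort_minutes(issue.get("effort"))
        b["risk"] = max(b["risk"], SEVERITY_WEIGHT.get(issue.get("severity"), 0))
        b["files"].add(issue["component"])
    return {n: {"frequency": b["frequency"], "size_min": b["size_min"], "risk": b["risk"], "prevalence": len(b["files"])} for n, b in buckets.items()}

def prioritize(issues):
    """Order buckets: highest risk first, then most widespread, most frequent, cheapest to fix."""
    stats = summarize(issues)
    return sorted(stats, key=lambda n: (-stats[n]["risk"], -stats[n]["prevalence"], -stats[n]["frequency"], stats[n]["size_min"]))

if __name__ == "__main__":
    for name in prioritize(SAMPLE_ISSUES):
        print(name, summarize(SAMPLE_ISSUES)[name])
```

Findings whose rule has no bucket yet land in "unclassified" rather than being dropped, so gaps in the mapping show up in the ranking instead of hiding risk.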

By conducting this 360-degree review and using analysis tools to identify and fix unhealthy code, we were able to improve the performance, reliability, and stability of our product. Now that the team was able to identify unhealthy code and prioritize healthy code moving forward, our releases were much smoother, and we had fewer problems with our code.

The code health analyzer was a huge success, and other IT leaders in the organization took notice. They saw the results we were achieving and the improvements in the performance, reliability, and stability of our product. Most importantly, they saw the tool’s ability to give detailed tangible visibility to IT leaders about the health of the code, the stability of the code, and how to make it better. They recognized the value of allowing the teams to say exactly what needed to be fixed and prioritize it into their sprints – and they wanted to use the tool on their own teams.

Why your teams should complete code health reviews

Unhealthy software code can have serious consequences for your products, like performance problems, security vulnerabilities, and costly downtime. If you’ve experienced production issues like ruining previously functioning technology with new releases, or if you’ve had to roll back and fix new code that broke existing functionality, you know how frustrating and costly these problems can be. And especially if you work in an industry like healthcare, banking, or retail, you know how important it is to avoid disruptions and maintain the reliability and performance of your products and services.

The outcomes of a code health review can be significant. If you’re considering moving to a DevOps model, a review can help you identify any issues that need to be addressed before making the transition. By eliminating unhealthy technical debt and addressing any issues in the codebase, you can improve the efficiency and reliability of your software development and deployment process. But even if you’re not considering a move to DevOps or already using it, a code health review can help you improve the health and stability of your codebase.

In addition to identifying issues in the codebase, a code health analyzer can also help you determine your unit test code coverage. This is the percentage of your code that is covered by unit tests, which are small, isolated tests that validate individual units of code. By measuring your code coverage, you can get a sense of how thoroughly your code is being tested and identify any areas that may need more testing.

By including the fixing of unhealthy code in your sprints, you can work to continuously improve the health and quality of your codebase and deliver better products and services to your customers. It’s important to regularly review and assess the health of your code and prioritize efforts to address any issues that may arise. By doing so, you can help ensure that your code is maintainable, scalable, and secure – and avoid any costly or disruptive issues in the future.

Once this is up and running, there is a multitude of new opportunities available to begin gathering metrics and providing training. As issues begin to be cataloged into the 43 different buckets, patterns will emerge that will provide visibility into training opportunities for developers. Themes will begin to appear that show potential architecture gaps. One of the most valuable outcomes of utilizing this tool is clarity and transparency – and the ability to sleep well at night knowing there are no more code monsters hiding in the closet.
