Beta v1.4 Release Notes -- Open Source metrics, Code Quality metrics, complete Codebase Health score, using CTO Dashboard to keep third-party development shops on track - October 30, 2023
Explainer video: https://youtu.be/PV-p2kLT4I0
Example Use Case- working with third-party development shops.
Here's an example of how users are using the Dashboard to keep third-party development shops in alignment.
In particular, several organizations lacked the visibility they wanted into who was working on their code, and into how much staff turnover and activity there was.
Using the dashboard they can see the individual developers working on the product:
The dashboard also shows the trends in development activity (commits to master branch), so unusual variation can be observed:
At Sema we are passionate believers in looking at the data -- but also passionate about being curious rather than judgmental. We strongly advise the same when it comes to coding metrics, as software development is a craft, not a competition. Asking questions to get the context is essential.
In this particular case, what might look like a decline in productivity was actually an organization's push to release v1 of a new product in August/September, followed by smaller, less frequent, more complicated refinements. This was expected and desired behavior.
New Feature 1- Open Source metrics.
We added metrics from the 5th and 6th components (modules) of our codebase health framework, so there is now a comprehensive picture.
Module #5 is Open Source risk -- the legal risk coming from using Open Source code with restrictive licenses like Copyleft. You can read more about this risk here. This data comes from Snyk and we'll be adding other Software Composition Analysis tools in the months ahead.
New Feature 2- Code quality metrics.
Module #6 of 6 is Code Quality. Here we added four charts from Codacy, and we'll be adding other code quality tools in the months ahead. The four charts are:
- Number of warnings about code style, security, error proneness, and performance
- Duplicate code
- Code complexity
- Testing coverage
Here's an example:
You'll notice that we are considering Codacy's security warnings to be part of code quality, not code security.
Why? It is our view that organizations need an advanced security tool such as Snyk (but not just Snyk) to capture true security risk. So code quality tooling that also flags security risk (Sonar is another example) is tracked in code quality.
Here and in so many places in the dashboard, we are opinionated about how to think about codebase health. We know you won't always agree -- but we commit to being transparent in our reasoning and approach, and to being sincerely open to feedback.
New Feature 3- Full Codebase Health score.
As noted above, now that Open Source and Code Quality risk are included, all six components of Codebase Health are represented in the overall Codebase Health Score.
As a result, companies that use GitHub, Codacy, Snyk and iRADAR can get a full Codebase Health score that updates in real time for quarterly reviews, sprint debriefs, even weekly check-ins with the team.
Not using all of those tools? The Codebase Health score doesn't "ding" you for not having a certain tool; it simply excludes those metrics from the numerator and the denominator.