You have a legacy codebase, possibly with hundreds of thousands of lines of code, you have set up Sonar - the widely adopted Java Static Code Analysis tool - hoping to use the tool in order to detect and monitor code quality issues and trends.
Alas, when you examine the Sonar dashboard you find you have hundreds or thousands of rule violations… great, now what??
Following are a few ideas as to how you can tackle the situation:
- Begin by reviewing the Blocking and Severe violations. These might impact your system at runtime and thus should be fixed with no delay. If you maintain a backlog, put an item there to represent this technical debt, so the situation will be visible to the Product Owner (i.e. transparency).
- Use Sonar’s Alerts mechnism in order to detect and highlight new violations.
- Share the situation with the rest of the team, and educate (or remind) them of the Boy Scout Rule. This should lead to improved code quality in exactly those areas of the code that are most painful (as they are the ones that are being analyzed and maintained most often).
In addition, a new version of Sonar is expected to be released later this year (2011). One of the key features of this version is the ability to spot, highlight and track new violations that occured since the last execution of Sonar. This feature should allow to distingush new violations from pre-exiting violations.
This way or another, don’t give up on using static code analysis - using it effectively can have strong positive impact on your code quality in the long run.