Sogeti Java Meetup - How to ensure your code is maintainable

•

0 j'aime•1,808 vues

The document discusses ensuring code maintainability. It defines software quality according to ISO 25010 as having quality in use and product quality models. It presents 10 guidelines for writing maintainable code from SIG. It also discusses tools for static code analysis (e.g. SonarQube) and software composition analysis (e.g. WhiteSource Bolt) to help ensure code quality. The presentation aims to help developers choose the right tools to analyze their code and dependencies.

Ingénierie

Sogeti Java Meetup Quality Engineering
How to ensure your
code is maintainable
Peter Rombouts
Senior Technology Consultant
Sogeti

Security Classification © 2019 Sogeti. All rights reserved. 2
Presentation title | Date 2
Who am I
https://peterrombouts.nl
https://www.twitter.com/prombouts
https://www.github.com/prombouts
https://labs.sogeti.com
Senior Technology Consultant
Peter Rombouts
Cloud Software Architect
 Over 18 years of experience in IT
 Passionate about Software
Development, Architecture and
Cloud
SogetiLabs Fellow
 Azure
 Cloud
 Cognitive Services
 Software Development
Multi Cloud
QSD

Security Classification © 2019 Sogeti. All rights reserved. 3
Presentation title | Date
Systems and software engineering — Systems and
software Quality Requirements and Evaluation (SQuaRE) —
System and software quality models
ISO 25010 for short
What is Software Quality?

Security Classification © 2019 Sogeti. All rights reserved. 4
Presentation title | Date
The International Standard defines:
Quality in Use Model Product Quality Model

Security Classification © 2019 Sogeti. All rights reserved. 5
Presentation title | Date
The International Standard defines:
Quality in Use Model Product Quality Model

Security Classification © 2019 Sogeti. All rights reserved. 6
Presentation title | Date
The International Standard defines:
Quality in Use Model Product Quality Model

Security Classification © 2019 Sogeti. All rights reserved. 7
Presentation title | Date
Guidelines (SIG)
1. Write Short Units of Code
2. Write Simple Units of Code
3. Write Code Once
4. Keep Unit Interfaces Small
5. Separate Concerns in Modules
6. Couple Architecture Components Loosely
7. Keep Architecture Components Balanced
8. Keep Your Codebase Small
9. Automate Tests
10.Write Clean Code
SIG was established in 2000. Its roots can be
traced back to the Dutch National Research
Institute for Mathematics and Computer
Science (Centrum voor Wiskunde en
Informatica [CWI]).

Security Classification © 2019 Sogeti. All rights reserved. 8
Presentation title | Date
Guidelines (SIG)
1. Write Short Units of Code
2. Write Simple Units of Code
3. Write Code Once
4. Keep Unit Interfaces Small
5. Separate Concerns in Modules
6. Couple Architecture Components Loosely
7. Keep Architecture Components Balanced
8. Keep Your Codebase Small
9. Automate Tests
10.Write Clean Code
SIG was established in 2000. Its roots can be
traced back to the Dutch National Research
Institute for Mathematics and Computer
Science (Centrum voor Wiskunde en
Informatica [CWI]).

Security Classification © 2019 Sogeti. All rights reserved. 9
Presentation title | Date
Tools
How to choose?
Static Code Analysis?
Software Composition Analysis?

Security Classification © 2019 Sogeti. All rights reserved. 10
Presentation title | Date
What tooling is available?
Analyses the(lines of) code.
Normally used in automated pipelines.
Examples:
• SonarQube
• PMD
• NDepend
• BinSkim
Analyses the dependencies
Mostly stand-alone products with notification
capabilities. Also often used for checking
licenses in open-source packages and if they
comply with company policies..
Examples:
• WhiteSource
• WhiteSource Bolt
• Snyk
• Fossa
• npm-audit
• David (Node.JS)
Static Code Analysis Software Composition Analysis

Security Classification © 2019 Sogeti. All rights reserved. 11
Presentation title | Date
What tooling is available?
Analyses the(lines of) code.
Normally used in automated pipelines.
Examples:
• SonarQube
• PMD
• NDepend
• BinSkim
Analyses the dependencies
Mostly stand-alone products with notification
capabilities. Also often used for checking
licenses in open-source packages and if they
comply with company policies..
Examples:
• WhiteSource
• WhiteSource Bolt
• Snyk
• Fossa
• npm-audit
• David (Node.JS)
Static Code Analysis Software Composition Analysis

Security Classification © 2019 Sogeti. All rights reserved. 12
Presentation title | Date
Static Code Analysis: SonarQube

Security Classification © 2019 Sogeti. All rights reserved. 13
Presentation title | Date

Security Classification © 2019 Sogeti. All rights reserved. 14
Presentation title | Date
Software Composition Analysis: WhiteSource Bolt

Security Classification © 2019 Sogeti. All rights reserved. 15
Presentation title | Date
Software Composition Analysis: WhiteSource Bolt

Security Classification © 2019 Sogeti. All rights reserved. 16
Presentation title | Date
Software Composition Analysis: WhiteSource Bolt

17
Sogeti Global Overview | © 2019 Sogeti. All rights reserved.
Sogeti Global Overview | © 2019 Sogeti. All rights reserved.
Mind The (Tool) Gap!

Security Classification © 2019 Sogeti. All rights reserved. 18
Presentation title | Date
How to proceed?

Security Classification © 2019 Sogeti. All rights reserved. 19
Presentation title | Date
Hoe nu verder?

Sogeti Java Meetup Quality Engineering
Questions?
peter.rombouts@sogeti.com
https://peterrombouts.nl
https://labs.sogeti.com
Twitter @prombouts
GitHub @prombouts

Contenu connexe

Tendances

Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...

Shane Coughlan

OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...

Shane Coughlan

During a recent webinar, Jonathan Knudsen presented: "That's Not How This Works: All Development Should Be Secure." Development teams are pressured to push new software out quickly. But with speed comes risk. Anyone can write software, but if you want to create software that is safe, secure, and robust, you need the right process. Webinar attendees will learn: • Why traditional approaches to software development usually end in tears and heartburn • How a structured approach to secure software development lowers risk for you and your customers • Why automation and security testing tools are key components in the implementation of a secure development life cycle For more information, please visit our website at www.synopsys.com/software-integrity.html

Webinar–That is Not How This Works

Synopsys Software Integrity Group

OpenChain Automotive Work Group Meeting #2 - Lyon

Shane Coughlan

Osborne Clarke - OpenChain - FOSSmatrix

Shane Coughlan

OpenChain Webinar #11 - cii-bp-badge-intro

Shane Coughlan

Build your own_photobooth

iText Group nv

Embed Spark calling SDK in Your App - Olivier PROFFIT - Cisco Live Berlin 2017

Cisco

OpenChain Automation Case Study - September to December 2021

Shane Coughlan

OpenChain Automation Case Study - September to December 2021

Shane Coughlan

Free and Open Source Software - Challenges for the Automotive Supply Chain

Shane Coughlan

Licensing in Composite Projects

Tiberius Forrester

Easing IoT Development for Novice Programmers Through Code Recipes

Juan Pablo Sáenz

OpenChain Continual Improvement Case Studies

Shane Coughlan

Managing and working with remote teams is a competitive strength we have, but it can have its challenges. View this presentation and learn how to increase the level of cohesion among virtual teams by building trust and forming emotional connections and relationships through the use of video conferencing. You will learn tips on how to start adding video along with some fun ideas to can implement with your virtual teams today! Watch on-demand webinar: https://youtu.be/TfAmK6YQaeA

How to Effectively Manage Virtual Teams

Cisco Webex

Licensing in Composite Open Source Projects

Protecode

Spo2 r33

SelectedPresentations

Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...

Black Duck by Synopsys

Fabrizio Cornelli - Securing Android Apps by Reversing - Codemotion Milan 2018

Codemotion

vivek_resume1

Vivek kumar Pandit

Tendances (20)

Bosch: AN UPDATE ON OUR ACTIVITIES IN AUTOMATING OSS COMPLIANCE: A WORKING SH...

OpenChain Webinar #11 - Open Source Issues Remediation - Jari Koivisto - 2020...

Webinar–That is Not How This Works

OpenChain Automotive Work Group Meeting #2 - Lyon

Osborne Clarke - OpenChain - FOSSmatrix

OpenChain Webinar #11 - cii-bp-badge-intro

Build your own_photobooth

Embed Spark calling SDK in Your App - Olivier PROFFIT - Cisco Live Berlin 2017

OpenChain Automation Case Study - September to December 2021

Free and Open Source Software - Challenges for the Automotive Supply Chain

Licensing in Composite Projects

Easing IoT Development for Novice Programmers Through Code Recipes

OpenChain Continual Improvement Case Studies

How to Effectively Manage Virtual Teams

Licensing in Composite Open Source Projects

Spo2 r33

Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...

Fabrizio Cornelli - Securing Android Apps by Reversing - Codemotion Milan 2018

vivek_resume1

Similaire à Sogeti Java Meetup - How to ensure your code is maintainable

Maintainability Sogeti Qx Day 2020

Peter Rombouts

Asma Zubair, Product Mgmt Mgr, Sr Staff, Synopsys and Kimm Yeo, Product Marketing Mgr, Staff, Synopsys presented on a recent webinar. Attendees learned: how this nondisruptive tool: - Runs in the background and reporst vulnerabilities during functional testing, CI/CD, and QA activities. - Prioritizes and triages vulnerability findings in real time with 100% confidence. - Fully automates secure code delivery and deployment, without the need for extra security scans or processes. - Frees up development and security resources to focus on strategic or mission-critical tasks and contributions. For more information, please visit our website at www.synopsy.com/seeker

Webinar–AppSec: Hype or Reality

Synopsys Software Integrity Group

Webinar – Streamling Your Tech Due Diligence Process for Software Assets

Synopsys Software Integrity Group

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

Synopsys Software Integrity Group

Why Automate the Network?

Hank Preston

Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can: Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities. Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence. Fully automate secure app delivery and deployment, without the need for extra security scans or processes. Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.

Bridging the Security Testing Gap in Your CI/CD Pipeline

DevOps.com

The Future of IoT: Why We Need the Open Interconnect Consortium

Open Interconnect Consortium

Webinar–Reviewing Modern JavaScript Applications

Synopsys Software Integrity Group

The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)? The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools. These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Denim Group

Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf

ICS

The Future of IoT: Why We Need the Open Interconnect Consortium

Samsung Open Source Group

Protecting what you build is much more complicated today, with the security landscape witnessing rapid changes. National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) is popular among organizations to manage security risks effectively. Due to the flexibility and adaptability of the NIST framework, many organizations across the globe are using it to protect their IT network. SanerNow provides an in-depth NIST CSF coverage to help organizations achieve salient security. SanerNow's automated solution provides a holistic view of your organization's NIST compliance posture and helps your network adhere to the benchmark. In this session, you will learn, • About the coverage of the NIST CSF framework in SanerNow • How to implement NIST compliance using SanerNow • What are the in-built and customizable compliance reports offered by SanerNow

How to Achieve NIST Compliance using SanerNow?

SecPod

IoT Panel- Cisco and Intel

Bessie Wang

During a recent webinar, Meera Rao, DevSecOps Practice Director with Synopsys Software Integrity Group spoke on Risk Based Adaptive DevSecOps. Building security automation into the DevOps pipeline is a key pain point for many organizations. Some firms deploy to production as frequently as every five minutes—a velocity that security struggles to match. Implementing intelligence within the DevOps pipeline supports security activities by matching the team’s velocity, providing intelligent feedback, and supporting organizations as they scale their security testing activities. For more information, please visit our website at https://www.synopsys.com/devops

Webinar – Risk-based adaptive DevSecOps

Synopsys Software Integrity Group

Cisco Tech Advantage Webinar. June 4th, 2014 Video: http://youtu.be/RkmMi9qea5Y IoT is everywhere, from smart meters on houses to parking sensors in the ground – all devices are connected to the Internet. Internet engineers are helping traditional industries solve new industrial world challenges by connecting billions of new devices. An exciting part of the IoT journey is the integration between both worlds: Information Technology (IT) and Operation Technology (OT). For that a systems approach is required to scale the existing Internet infrastructure to accommodate IoT use cases, while making IT technology easy to adopt for OT operators. In this session you will learn: IoT infrastructure challenges and the need for open standards and partner ecosystem Key elements to build large-scale IoT systems as IPv6, access control, plug and play, distributed intelligence and contextual awareness Introduction to fog computing and advantages of extending cloud computing and services Looking ahead to the future

Steps to Scale Internet of Things (IoT)

Rafael Maranon

Mid market collaboration architecture presentation

Trinny Chacko

Automate and Enhance Application Security Analysis

VMware Tanzu

Cilium + Istio with Gloo Mesh

Christian Posta

Certified Internet of Things Specialist ( CIoTS )

GICTTraining

Cisco Connect Toronto 2018 DevNet Overview

Cisco Canada

Similaire à Sogeti Java Meetup - How to ensure your code is maintainable (20)

Maintainability Sogeti Qx Day 2020

Webinar–AppSec: Hype or Reality

Webinar – Streamling Your Tech Due Diligence Process for Software Assets

RSA Conference Presentation–Creating a Modern AppSec Toolchain to Quantify Se...

Why Automate the Network?

Bridging the Security Testing Gap in Your CI/CD Pipeline

The Future of IoT: Why We Need the Open Interconnect Consortium

Webinar–Reviewing Modern JavaScript Applications

Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...

Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf

The Future of IoT: Why We Need the Open Interconnect Consortium

How to Achieve NIST Compliance using SanerNow?

IoT Panel- Cisco and Intel

Webinar – Risk-based adaptive DevSecOps

Steps to Scale Internet of Things (IoT)

Mid market collaboration architecture presentation

Automate and Enhance Application Security Analysis

Cilium + Istio with Gloo Mesh

Certified Internet of Things Specialist ( CIoTS )

Cisco Connect Toronto 2018 DevNet Overview

Dernier

Signal Processing and Linear System Analysis

National Chung Hsing University

Danikor Product Catalog- Screw Feeder.pdf

thietkevietthinh

Independent Solar-Powered Electric Vehicle Charging Station

siddharthteach18

Dynamo Scripts for Task IDs and Space Naming.pptx

Mustafa Ahmed

Lect.1: Getting Started (CS771: Machine Learning by Prof. Purushottam Kar, II...

singhalabhi53

Introduction to Geographic Information Systems

Ange Felix NSANZIYERA

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf

AldoGarca30

We investigated the applicability and efficiency of the MLMC approach to the Henry-like problem with uncertain porosity, permeability and recharge. These uncertain parameters were modelled by random fields with three independent random variables. Permeability is a function of porosity. Both functions are time-dependent, have multi-scale behaviour and are defined for two layers. The numerical solution for each random realisation was obtained using the well-known ug4 parallel multigrid solver. The number of random samples required at each level was estimated by calculating the decay of the variances and the computational cost for each level. The MLMC method was used to compute the expected value and variance of several QoIs, such as the solution at a few preselected points $(t,\bx)$, the solution integrated over a small subdomain, and the time evolution of the freshwater integral. We have found that some QoIs require only 2-3 mesh levels and samples from finer meshes would not significantly improve the result. Other QoIs require more grid levels.

litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf

Alexander Litvinenko

Presentation on Slab, Beam, Column, and Foundation/Footing

Er. Suman Jyoti

Passive Air Cooling System and Solar Water Heater.ppt

amrabdallah9

Path loss model, OKUMURA Model, Hata Model

DrAjayKumarYadav4

Unsatisfied Bhabhi ℂall Girls Ahmedabad Book Esha 6378878445 Top Class ℂall G...

Payal Garg #K09

Introduction to Artificial Intelligence ( AI)

ChandrakantDivate1

Fundamentals of Internet of Things (IoT) Part-2

ChandrakantDivate1

Robotics is an exciting and rapidly evolving field that combines engineering, computer science, and technology. Robots are versatile machines capable of automating a wide range of tasks with precision, speed, and power. This introduction will explore the history, components, and applications of this transformative technology. A robot is an electromechanical machine designed to perform tasks autonomously or semi-autonomously. Robots are controlled by sophisticated software and can be programmed to carry out a variety of functions. Robots use sensors to gather information about their environment and actuators to interact with it. The concept of automata, or self-operating machines, dates back to ancient civilizations such as Greece and China. The development of industrial machinery in the 18th and 19th centuries paved the way for modern robotics. The advent of computers in the 20th century enabled the creation of more advanced, programmable robots Industrial robots are commonly used in manufacturing, performing tasks such as welding, painting, and assembly. Service robots are designed to assist humans in tasks like cleaning, transportation, and healthcare Humanoid robots are designed to mimic the appearance and functionality of the human body. Mechanical Structure Robots have a physical frame, joints, and linkages that allow for movement and manipulation. Power Source Robots require a power source, such as batteries or electrical connections, to operate. Control System The control system, often a computer or microcontroller, coordinates the robot's actions and movements End Effectors Robots may have specialized tools, such as grippers or tools, to interact with their environment Cameras and other vision sensors allow robots to perceive and respond to their environment. Ultrasonic and infrared sensors help robots detect and avoid obstacles. Tactile sensors enable robots to feel and interact with their surroundings. Motors, servos, and other actuators allow robots to move and manipulate objects. Robots are controlled by sophisticated software that defines their behaviors and decision-making processes. Algorithms enable robots to process sensor data, plan actions, and execute tasks autonomously. Advancements in machine learning allow robots to adapt and improve their performance over time. Applications of Robotics Robots are widely used in industrial settings for tasks such as assembly, welding, and packaging. Robotic systems are revolutionizing medicine, from surgical assistants to rehabilitation devices. Robots are essential for exploring hazardous environments, such as deep-sea and outer space

Introduction to Robotics in Mechanical Engineering.pptx

hublikarsn

Databricks Generative AI Fundamentals .pdf

VinayVadlagattu

S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx

SCMS School of Architecture

analog-vs-digital-communication (concept of analog and digital).pptx

Karpagam Institute of Teechnology

Adsorption (mass transfer operations 2) ppt

jigup7320

TMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdf

ssuserded2d4

Dernier (20)

Signal Processing and Linear System Analysis

Danikor Product Catalog- Screw Feeder.pdf

Independent Solar-Powered Electric Vehicle Charging Station

Dynamo Scripts for Task IDs and Space Naming.pptx

Lect.1: Getting Started (CS771: Machine Learning by Prof. Purushottam Kar, II...

Introduction to Geographic Information Systems

1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf

litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf

Presentation on Slab, Beam, Column, and Foundation/Footing

Passive Air Cooling System and Solar Water Heater.ppt

Path loss model, OKUMURA Model, Hata Model

Unsatisfied Bhabhi ℂall Girls Ahmedabad Book Esha 6378878445 Top Class ℂall G...

Introduction to Artificial Intelligence ( AI)

Fundamentals of Internet of Things (IoT) Part-2

Introduction to Robotics in Mechanical Engineering.pptx

Databricks Generative AI Fundamentals .pdf

S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx

analog-vs-digital-communication (concept of analog and digital).pptx

Adsorption (mass transfer operations 2) ppt

TMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdf

Sogeti Java Meetup - How to ensure your code is maintainable

1. Sogeti Java Meetup Quality Engineering How to ensure your code is maintainable Peter Rombouts Senior Technology Consultant Sogeti

2. Security Classification © 2019 Sogeti. All rights reserved. 2 Presentation title | Date 2 Who am I https://peterrombouts.nl https://www.twitter.com/prombouts https://www.github.com/prombouts https://labs.sogeti.com Senior Technology Consultant Peter Rombouts Cloud Software Architect  Over 18 years of experience in IT  Passionate about Software Development, Architecture and Cloud SogetiLabs Fellow  Azure  Cloud  Cognitive Services  Software Development Multi Cloud QSD

3. Security Classification © 2019 Sogeti. All rights reserved. 3 Presentation title | Date Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models ISO 25010 for short What is Software Quality?

7. Security Classification © 2019 Sogeti. All rights reserved. 7 Presentation title | Date Guidelines (SIG) 1. Write Short Units of Code 2. Write Simple Units of Code 3. Write Code Once 4. Keep Unit Interfaces Small 5. Separate Concerns in Modules 6. Couple Architecture Components Loosely 7. Keep Architecture Components Balanced 8. Keep Your Codebase Small 9. Automate Tests 10.Write Clean Code SIG was established in 2000. Its roots can be traced back to the Dutch National Research Institute for Mathematics and Computer Science (Centrum voor Wiskunde en Informatica [CWI]).

8. Security Classification © 2019 Sogeti. All rights reserved. 8 Presentation title | Date Guidelines (SIG) 1. Write Short Units of Code 2. Write Simple Units of Code 3. Write Code Once 4. Keep Unit Interfaces Small 5. Separate Concerns in Modules 6. Couple Architecture Components Loosely 7. Keep Architecture Components Balanced 8. Keep Your Codebase Small 9. Automate Tests 10.Write Clean Code SIG was established in 2000. Its roots can be traced back to the Dutch National Research Institute for Mathematics and Computer Science (Centrum voor Wiskunde en Informatica [CWI]).

10. Security Classification © 2019 Sogeti. All rights reserved. 10 Presentation title | Date What tooling is available? Analyses the(lines of) code. Normally used in automated pipelines. Examples: • SonarQube • PMD • NDepend • BinSkim Analyses the dependencies Mostly stand-alone products with notification capabilities. Also often used for checking licenses in open-source packages and if they comply with company policies.. Examples: • WhiteSource • WhiteSource Bolt • Snyk • Fossa • npm-audit • David (Node.JS) Static Code Analysis Software Composition Analysis

11. Security Classification © 2019 Sogeti. All rights reserved. 11 Presentation title | Date What tooling is available? Analyses the(lines of) code. Normally used in automated pipelines. Examples: • SonarQube • PMD • NDepend • BinSkim Analyses the dependencies Mostly stand-alone products with notification capabilities. Also often used for checking licenses in open-source packages and if they comply with company policies.. Examples: • WhiteSource • WhiteSource Bolt • Snyk • Fossa • npm-audit • David (Node.JS) Static Code Analysis Software Composition Analysis

20. Sogeti Java Meetup Quality Engineering Questions? peter.rombouts@sogeti.com https://peterrombouts.nl https://labs.sogeti.com Twitter @prombouts GitHub @prombouts

Notes de l'éditeur

Quality in Use -> 5 characteristics related to outcomes of interaction with a system (including users) Product Quality Model -> Focuses on target computer system that includes the target software product.
Quality in Use -> 5 characteristics related to outcomes of interaction with a system (including users) Product Quality Model -> Focuses on target computer system that includes the target software product.
1. Modularity 2. Reusability 3. Analyzability 4. Modifiability 5. Testability
At the time of writing, in total SIG has analyzed 7.1 billion lines of code, and 72.7 million new lines of code are uploaded to SIG weekly. SIG is the only organization in the world certified by TÜViT for Trusted Product Maintainability. we have selected metrics that: • Are contained in a set as small as possible • Are technology-independent • Are easy to measure • Enable a meaningful comparison of real-world enterprise software systems
At the time of writing, in total SIG has analyzed 7.1 billion lines of code, and 72.7 million new lines of code are uploaded to SIG weekly. SIG is the only organization in the world certified by TÜViT for Trusted Product Maintainability. we have selected metrics that: • Are contained in a set as small as possible • Are technology-independent • Are easy to measure • Enable a meaningful comparison of real-world enterprise software systems
Many tools, what is the ‘golden record’ Another time, another session! C? XML? T-SQL, PL-SQL NIET gratis?
RDP Session
RDP Session
Edge: https://dev.azure.com/sogetiazurefundamentals/sogetiazurefundamentals/_build/results?buildId=258&view=whitesource.ws-bolt.build-tab.wss
Edge: https://dev.azure.com/sogetiazurefundamentals/sogetiazurefundamentals/_build/results?buildId=258&view=whitesource.ws-bolt.build-tab.wss
Edge: https://dev.azure.com/sogetiazurefundamentals/sogetiazurefundamentals/_build/results?buildId=258&view=whitesource.ws-bolt.build-tab.wss
Tool gap! Hard to interpret Will never replace pair programming. Peer review, Expert review.
Turning the Guidelines into PracticeEnsuring that your code is easy to maintain depends on two behaviors in your daily routine: discipline and setting priorities. Discipline Lower-Level (Unit) Guidelines Take Precedence Over Higher-Level (Component) Guidelines\ Remember That Every Commit Counts
Turning the Guidelines into PracticeEnsuring that your code is easy to maintain depends on two behaviors in your daily routine: discipline and setting priorities. Discipline Lower-Level (Unit) Guidelines Take Precedence Over Higher-Level (Component) Guidelines\ Remember That Every Commit Counts 15 -> SKIP INDIEN NO TIME

Sogeti Java Meetup - How to ensure your code is maintainable

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Sogeti Java Meetup - How to ensure your code is maintainable

Similaire à Sogeti Java Meetup - How to ensure your code is maintainable (20)

Dernier

Dernier (20)

Sogeti Java Meetup - How to ensure your code is maintainable

Notes de l'éditeur