Ensuring software quality is one of the key performance indicators for a software architect. That’s why having a strategy to ensure software quality is an essential part of a software architect’s key responsibilities.
Essentially, you can apply the Pareto Principle (80/20 rule) to manage software quality:
20% of your focus on software quality can bring 80% of the effect in delivering better software.
Use the three steps below to make your software quality management strategy effective and operational.
Step 1 – Plan – What to measure?
There is no prescriptive list of metrics; which ones apply depends on the context and the environment in which you are delivering the software. Essentially, there are three areas to choose from:
- Code/Build Quality Metrics – Ensuring code passes all standard quality checks and meets non-functional requirements
- Delivery Quality Metrics – Ensuring program delivery parameters are being adhered to (for example – if you can’t deliver on time, on budget, it does not help the customer or the organization)
- Functional Quality Metrics – Ensuring functional requirements are being met as per business needs. Even if code quality is top-notch, if it is not meeting the intended business need, it does not help.
Step 2 – Measure – How to measure?
It is essential that you use automation so that your effort is not spent on measuring these metrics manually. There are plenty of tools and technologies available to measure them, such as the following (note that this is not a comprehensive list of all tools – the idea is to give you pointers):
- Static Code Analysis – For code quality assessment. It can easily be integrated into the code pipeline with tools such as SonarQube, Checkstyle, or Coverity.
- Performance & Load Testing – For measuring performance early, either as an independent test or as part of the build & release pipeline, with tools such as Apache JMeter, Blazemeter, or Gatling, or SaaS solutions like Loader.io, Flood.io, Loadstorm, Octoperf, Loadfocus, and the list goes on.
- Security Testing – Measuring security vulnerabilities using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools that address the security vulnerabilities identified by OWASP (the OWASP Top 10 list). OWASP also maintains a list of tools and technologies and provides an open-source penetration testing tool known as ZAP, which is widely used by many enterprise solution providers.
- Software Composition Analysis (SCA) – To identify the open-source and third-party components used in your application and any known security vulnerabilities in them. Snyk is one of the tools for getting this kind of security testing integrated into the code pipeline.
- Observability and Application Performance Monitoring – For logs, metrics, and tracing, using open-source tools such as Apache SkyWalking or Elastic, or licensed products like New Relic, Dynatrace, Splunk, Datadog, etc.
- User Experience (UI) Performance — For measuring page rendering and perceived user experience performance with tools such as Google Lighthouse, Web.dev, GTMetrix.
Step 3 – Visualize & Act
Last but not least, visualize the metrics (given the number of metrics, visualization helps) and then act on those that do not meet the desired SLA.
As there are different stakeholders (developers, testing team, security team, performance testing team, senior leadership, executives), a single visualization will not serve the purpose. At a minimum, you need the following visualizations:
- Development (Dev) – providing a consolidated view of development metrics
- Operational (Ops) – providing operational and maintenance metrics view
- Engineering dashboard – providing a summarized view to measure the effectiveness of engineering practices
For Development & Operational views – Use existing tools like JIRA Dashboards (with widgets) or open-source tools like Kibana or Hygieia for
For Engineering Dashboard — Use products like CAST or build a custom solution to provide end-to-end visibility and insights for architecture adherence checks, and structural security findings to prevent outages, data corruption, insider threats, etc.
To conclude, software quality is not an afterthought, and putting a quality strategy in place from inception helps to build better software. Doing it continuously and making incremental improvements goes a long way!