Introduce your company to our audience
I started programming in 1985 when I was a kid and never stopped since. Following my education in math and software, I had the opportunity to work in various software environments. In 2003, I authored the French bestseller on Microsoft’s .NET development platform, titled “Pratique de .NET et C#,” published by O’Reilly. The book had more than 800 pages, what an awesome way to learn a technology. Subsequently, I became a well-known consultant, helping large companies train their engineers in .NET and review their code. A common issue I noticed was the rapid disorganization of code bases. This led to poor quality and error-prone code. Typically, a successful IT project results from a strong grasp of business requirements combined with proficient management of the development process. As users and I are engaged in software development using the .NET platform, both of these critical areas are similar, and I gained expertise in it. This was a unique chance. Since then the NDepend project never ceased to grow. Betting on .NET was a good idea since Microsoft invested and is still investing so much resources in it. Today, NDepend serves over 12,000 company clients globally. Together with my team, we take pride in enhancing the quality of .NET code for numerous engineers. We also have a partnership with CoderGears that develop C++ and Java versions of NDepend, namely CppDepend and JArchitect.What unique challenges are people in your industry facing right now?
.NET has been a premier platform for over two decades and remains a favorite for developing Enterprise Applications. Countless large organizations worldwide rely on .NET to manage and enhance vast legacy codebases. Given the high turnover rate in our industry, many developers find themselves needing to understand and refine the work of those who came before them. Furthermore, each day sees the initiation of numerous commercial and open-source projects on .NET. These projects are the foundations of future legacies, underscoring the importance of utilizing the right tools to maintain clean and elegant code throughout the development process.How effective are the current methods for solving these issues?
Over the past few decades, the software industry has introduced numerous paradigms to enhance and standardize the development process. One effective method in software development involves writing Unit and Integration Tests. Each test functions like a miniature program, running a segment of the code base to verify the outcomes. The main distinction between unit testing and integration testing lies in the scope of the code tested:- Integration tests can require access to infrastructure elements such as networks, databases or user interfaces, and typically take seconds to execute.
- In contrast, unit tests target a much smaller section of the code, and it is common to run thousands of them per second. The rapid execution of these tests is crucial, as it allows them to be run frequently. This frequent testing ensures that any issues introduced by newly written code are identified early, minimizing the cost and effort needed for corrections.
📖 To learn more:
https://agilemanifesto.org/principles.html
The concept of DevOps gained popularity starting in 2007, emerging from the software development and IT operations communities’ dissatisfaction with the traditional software development model. In this older model, developers who wrote code and operations teams who deployed and supported it worked in isolation. The term “DevOps,” blending “development” and “operations,” encapsulates the integration of these two disciplines into a single, continuous process.
In this environment, the practices of Continuous Integration, where developers frequently merge new code, and Continuous Delivery or Deployment, where IT engineers consistently release or deploy software, became popular. These practices are commonly known collectively as CI/CD. CI/CD encompasses all the previously mentioned practices and paradigms through a pipeline that is manageable using tools like Microsoft Azure DevOps.
https://agilemanifesto.org/principles.html
The NDepend approach to CI/CD
The NDepend toolset is designed to enhance aspects of the CI/CD process by treating code as data and offering tools that bolster many of the paradigms discussed in the previous section. NDepend includes a rule engine that specializes in detecting code smells, which are indicators of potential quality issues in the code. It offers hundreds of default rules, and because the engine is based on the C# LINQ querying system, developers can easily adapt and write their own rules or modify existing ones. This rule engine can be applied to both the current version of the code and a baseline version. This is particularly useful for focusing on issues newly introduced in recent code or during refactoring. This feature is central to the product, reflecting the inherent incremental nature of software development. Concentrating improvement efforts on new code yields the greatest return on investment, making it a strategic focus for enhancing software quality. While untouched code is important, it typically demands attention only when issues are reported from production or when the development team identifies a need for resources to enhance a poorly designed component, given that it is already functioning in production. The engine can also integrate code coverage data from tests, enabling it to identify issues such as code that was fully tested in the baseline version but is no longer covered by tests.
Microsoft also provides a .NET code rule engine named Roslyn Analyzers. Roslyn, which refers to the compilers for C# and VB.NET, can emit errors and warnings. Microsoft has made this system extendable to allow for the creation of custom rules. While Roslyn Analyzers typically focus on low-level issues, such as improper use of language syntax, our rules engine addresses higher-level issues related to architecture, testing, and code smells.“The issues NDepend raised for me seemed to be more related to architecture issues versus the other tools. It definitely gave me insight into what to refactor and how to reduce technical debt.” David Shifflet, Senior Software Developer
⚡To provide a 360-degree view on .NET Code Quality and Security, our latest version now integrates issues identified by Roslyn Analyzers.
Automatically identifying issues and estimating the effort required to fix them is beneficial, but not always actionable, especially in environments where cost and time constraints are stringent. That’s why our engine, which utilizes C# LINQ, also enables the creation of Quality Gates.
What is a quality gate for .NET?
A Quality Gate is like a checkpoint in a software creation process. It ensures the code meets certain standards before moving to the next step. It’s a way to prevent subpar code from advancing so as to enhance the overall integrity of the software.
A Quality Gate as a criterion produces a result within the range of PASS, WARN, or FAIL. For a new version of the product to be released, all active Quality Gates must pass. Typically, the CI/CD process halts if any Quality Gates fail. Common Quality Gates might, for instance, mandate a certain level of code coverage or limit technical debt on new code, and prohibit issues above a specified severity. Our engine simplifies the process of writing custom Quality Gates, allowing for continuous checks on any area of the code that matter for our user.
Ultimately, our product produces a detailed web report that summarizes all these findings, enabling the team to take informed action. Additionally, we provide features that can be used during development, such as code visualization through dependency graphs, impact analysis of planned changes, and trending charts. These tools help teams assess whether they are moving in the right direction.
“NDepend is giving me insight into my apps that I hadn’t had before. Once I realized the depth and breadth of the information I was looking at, I was like a kid in a candy shop.” Scott Hanselman, Program Manager at Microsoft
Looking ahead 5 to 10 years, what new technologies and trends will have the most significant impact on the issues we talked about?
Today, Artificial Intelligence (AI) is revolutionizing most business areas. Tools like GitHub Copilot, which are trained on billions of open-sourced lines of code, exemplify this transformation. As a result, AI is particularly smart both at writing code based on concise, human-friendly specifications and at identifying existing problems within code. I don’t believe AI will replace developers in the near future, but developers who fail to leverage AI may find themselves at a disadvantage. Also the patterns currently detected by static analysis tools like ours are valid and will continue to be so. AI excels in identifying issues that aren’t easily defined by patterns, such as a problem in one area of code affecting a completely different area. To date, AI tools have not yet begun exporting their findings. However, when they do, they are likely to use the SARIF format (Static Analysis Results Interchange Format). SARIF is a standard, JSON-based format used for the outputs of static analysis tools, and our system is already equipped to import issues from Roslyn Analyzers using this format. AI will also be valuable for querying code in a natural language format. With our unique code querying engine, we hold a competitive edge in this area, and we have internal projects slated for release in the upcoming year that will further leverage this capability.🔎 Want to learn more?
Website: https://www.ndepend.com/ LinkedIn:- https://www.linkedin.com/in/patrick-smacchia-b0123110
- https://www.linkedin.com/company/3112794/admin/feed/posts/
