Mastering Code Quality In The AI Era with NDepend CEO Patrick Smacchia

Written by: Roberto Popolizio

Welcome to another interview by Website Planet, bringing you insights on how the best companies are solving the current challenges in their industry and how they are planning ahead for the future.

Our guest today is NDepend Founder and CEO Patrick Smacchia, author of the best-selling book on .NET and C# (over 15,000 copies sold) and developer of academic and professional courses on the platform and C#.

We looked at how NDepend helps more than 12,000 clients (including many Fortune 500 companies) get a better understanding of their code base, and how AI is going to impact the software development industry.

Introduce your company to our audience

I started programming in 1985 when I was a kid and never stopped since. Following my education in math and software, I had the opportunity to work in various software environments.

In 2003, I authored the French bestseller on Microsoft’s .NET development platform, titled “Pratique de .NET et C#,” published by O’Reilly. The book had more than 800 pages; what an awesome way to learn a technology. Subsequently, I became a well-known consultant, helping large companies train their engineers in .NET and review their code. A common issue I noticed was the rapid disorganization of code bases. This led to poor quality and error-prone code.

Typically, a successful IT project results from a strong grasp of business requirements combined with proficient management of the development process. As users and I are engaged in software development using the .NET platform, both of these critical areas are similar, and I gained expertise in it. This was a unique chance.

Since then, the NDepend project has never ceased to grow. Betting on .NET was a good idea since Microsoft invested and is still investing so many resources in it. Today, NDepend serves over 12,000 company clients globally. Together with my team, we take pride in enhancing the quality of .NET code for numerous engineers. We also have a partnership with CoderGears, which develops C++ and Java versions of NDepend, namely CppDepend and JArchitect.

What unique challenges are people in your industry facing right now?

.NET has been a premier platform for over two decades and remains a favorite for developing Enterprise Applications. Countless large organizations worldwide rely on .NET to manage and enhance vast legacy codebases. Given the high turnover rate in our industry, many developers find themselves needing to understand and refine the work of those who came before them.

Furthermore, each day sees the initiation of numerous commercial and open-source projects on .NET. These projects are the foundations of future legacies, underscoring the importance of utilizing the right tools to maintain clean and elegant code throughout the development process.

How effective are the current methods for solving these issues?

Over the past few decades, the software industry has introduced numerous paradigms to enhance and standardize the development process. One effective method in software development involves writing Unit and Integration Tests.

Each test functions like a miniature program, running a segment of the code base to verify the outcomes. The main distinction between unit testing and integration testing lies in the scope of the code tested:
  • Integration tests can require access to infrastructure elements such as networks, databases or user interfaces, and typically take seconds to execute.
  • In contrast, unit tests target a much smaller section of the code, and it is common to run thousands of them per second. The rapid execution of these tests is crucial, as it allows them to be run frequently. This frequent testing ensures that any issues introduced by newly written code are identified early, minimizing the cost and effort needed for corrections.

In addition to testing, the extent of code coverage during tests is crucial. Code coverage refers to the measurement of which lines and paths within the code are actually executed during testing. Tools are available to track this, providing developers with valuable insights into which areas of the code have not been tested, enabling them to target these gaps by writing additional tests.

Although it’s impractical to test every line of code (user interface code, for instance, is particularly challenging), some developers argue that achieving 90% coverage of core code is sufficient, because the remaining 10% is too difficult to test. In my opinion, this overlooks a key point:

Code that is difficult to test often indicates poor design. Poorly designed code tends to be more prone to errors, leading to the most problematic areas of the code remaining untested.

Code Review is another widely adopted practice in modern software development. It involves having new or refactored code written by a developer reviewed by other developers to identify potential security vulnerabilities and areas for improvement. Part of this process can be automated through Static Analysis, which uses automated tools to detect issues in the code. This analysis is conducted before the human-led code review, allowing developers to concentrate on more complex problems that the tools might not catch.

Software development is inherently incremental; a product must continuously evolve or it risks obsolescence. This necessity has led to the emergence of Distributed Version Control Systems, which track changes across a collection of computer files, primarily to coordinate work among programmers. Among these systems, Git stands out as the most widely adopted protocol. One of the most successful platforms utilizing Git is GitHub.com.

In addition to these modern techniques, various software development methodologies that prioritize the human element in the process have also emerged. A significant milestone in this evolution was the publication of the Agile Manifesto in 2001 by a group of esteemed experts. This manifesto outlines twelve fundamental principles designed to guide developers and team leaders in advancing their software projects effectively. The Scrum methodology has become one of the most popular and widely adopted frameworks in agile development today.

📖 To learn more:
https://agilemanifesto.org/principles.html

The concept of DevOps gained popularity starting in 2007, emerging from the software development and IT operations communities’ dissatisfaction with the traditional software development model. In this older model, developers who wrote code and operations teams who deployed and supported it worked in isolation. The term “DevOps,” blending “development” and “operations,” encapsulates the integration of these two disciplines into a single, continuous process.

In this environment, the practices of Continuous Integration, where developers frequently merge new code, and Continuous Delivery or Deployment, where IT engineers consistently release or deploy software, became popular. These practices are commonly known collectively as CI/CD. CI/CD encompasses all the previously mentioned practices and paradigms through a pipeline that is manageable using tools like Microsoft Azure DevOps.

The NDepend approach to CI/CD

The NDepend toolset is designed to enhance aspects of the CI/CD process by treating code as data and offering tools that bolster many of the paradigms discussed in the previous section.

NDepend includes a rule engine that specializes in detecting code smells, which are indicators of potential quality issues in the code. It offers hundreds of default rules, and because the engine is based on the C# LINQ querying system, developers can easily adapt and write their own rules or modify existing ones.

This rule engine can be applied to both the current version of the code and a baseline version. This is particularly useful for focusing on issues newly introduced in recent code or during refactoring. This feature is central to the product, reflecting the inherent incremental nature of software development.

Concentrating improvement efforts on new code yields the greatest return on investment, making it a strategic focus for enhancing software quality. While untouched code is important, it typically demands attention only when issues are reported from production or when the development team identifies a need for resources to enhance a poorly designed component, given that it is already functioning in production.

The engine can also integrate code coverage data from tests, enabling it to identify issues such as code that was fully tested in the baseline version but is no longer covered by tests.

[Figure: Code Coverage Data Visualized with NDepend]

Another notable feature is the estimation of Technical Debt, which quantifies the effort needed to address certain issues. Given the rule engine’s deep understanding of the code, it incorporates sophisticated formulas into each rule to provide a realistic estimation of this debt. For instance, if a section of code is both complex and lacks test coverage, the effort required to rectify it will be greater than if the code were less complex.

“The issues NDepend raised for me seemed to be more related to architecture issues versus the other tools. It definitely gave me insight into what to refactor and how to reduce technical debt.”

David Shifflet, Senior Software Developer

Microsoft also provides a .NET code rule engine named Roslyn Analyzers. Roslyn, which refers to the compilers for C# and VB.NET, can emit errors and warnings. Microsoft has made this system extendable to allow for the creation of custom rules. While Roslyn Analyzers typically focus on low-level issues, such as improper use of language syntax, our rules engine addresses higher-level issues related to architecture, testing, and code smells.

⚡ To provide a 360-degree view on .NET Code Quality and Security, our latest version now integrates issues identified by Roslyn Analyzers.

Automatically identifying issues and estimating the effort required to fix them is beneficial, but not always actionable, especially in environments where cost and time constraints are stringent. That’s why our engine, which utilizes C# LINQ, also enables the creation of Quality Gates.

What is a quality gate for .NET?

A Quality Gate is like a checkpoint in a software creation process. It ensures the code meets certain standards before moving to the next step. It’s a way to prevent subpar code from advancing so as to enhance the overall integrity of the software.

A Quality Gate as a criterion produces a result within the range of PASS, WARN, or FAIL. For a new version of the product to be released, all active Quality Gates must pass. Typically, the CI/CD process halts if any Quality Gates fail. Common Quality Gates might, for instance, mandate a certain level of code coverage or limit technical debt on new code, and prohibit issues above a specified severity. Our engine simplifies the process of writing custom Quality Gates, allowing for continuous checks on any area of the code that matters for our user.

Ultimately, our product produces a detailed web report that summarizes all these findings, enabling the team to take informed action. Additionally, we provide features that can be used during development, such as code visualization through dependency graphs, impact analysis of planned changes, and trending charts. These tools help teams assess whether they are moving in the right direction.

[Figure: An example of an NDepend Report]

“NDepend is giving me insight into my apps that I hadn’t had before. Once I realized the depth and breadth of the information I was looking at, I was like a kid in a candy shop.”

Scott Hanselman, Program Manager at Microsoft

Looking ahead 5 to 10 years, what new technologies and trends will have the most significant impact on the issues we talked about?

Today, Artificial Intelligence (AI) is revolutionizing most business areas. Tools like GitHub Copilot, which are trained on billions of open-sourced lines of code, exemplify this transformation. As a result, AI is particularly smart both at writing code based on concise, human-friendly specifications and at identifying existing problems within code.

I don’t believe AI will replace developers in the near future, but developers who fail to leverage AI may find themselves at a disadvantage.

Also, the patterns currently detected by static analysis tools like ours are valid and will continue to be so. AI excels in identifying issues that aren’t easily defined by patterns, such as a problem in one area of code affecting a completely different area. To date, AI tools have not yet begun exporting their findings. However, when they do, they are likely to use the SARIF format (Static Analysis Results Interchange Format). SARIF is a standard, JSON-based format used for the outputs of static analysis tools, and our system is already equipped to import issues from Roslyn Analyzers using this format.

AI will also be valuable for querying code in a natural language format. With our unique code querying engine, we hold a competitive edge in this area, and we have internal projects slated for release in the upcoming year that will further leverage this capability.
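
The Quality Gate and SARIF passages above can be tied together in a short sketch. This is an added example, not NDepend's code and not part of the interview: it reads two SARIF 2.1.0 logs, ignores findings already present in the baseline, and returns PASS, WARN or FAIL for the new ones. The rule IDs, file names and the fingerprint choice (rule, file, message) are assumptions made for illustration.

```python
def issues(sarif):
    """Map a fingerprint to its severity level for every result in a SARIF log."""
    found = {}
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            uri = (locs[0].get("physicalLocation", {})
                          .get("artifactLocation", {}).get("uri", ""))
            # Line numbers are left out so code that merely moved is not "new".
            key = (res.get("ruleId", ""), uri, res.get("message", {}).get("text", ""))
            found[key] = res.get("level", "warning")  # absent level is treated as warning
    return found

def quality_gate(current, baseline):
    """Return (status, new_issues), judging only issues absent from the baseline."""
    old = issues(baseline)
    new = {k: lvl for k, lvl in issues(current).items() if k not in old}
    levels = set(new.values())
    status = "FAIL" if "error" in levels else "WARN" if "warning" in levels else "PASS"
    return status, new

def make_result(rule, level, uri, line, text):
    """Build one SARIF result object (hypothetical helper for the sample data)."""
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}

def make_log(*results):
    """Wrap results in a minimal SARIF log with a single run."""
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "demo-analyzer"}},
                      "results": list(results)}]}

# Constructed sample data, not real analyzer output.
BASELINE = make_log(
    make_result("DEMO001", "error", "src/Orders.cs", 40, "SQL built by concatenation"))
CURRENT = make_log(
    make_result("DEMO001", "error", "src/Orders.cs", 52, "SQL built by concatenation"),
    make_result("DEMO002", "warning", "src/Auth.cs", 17, "Weak hash algorithm"))

if __name__ == "__main__":
    status, new = quality_gate(CURRENT, BASELINE)
    print(status, sorted(new))
    # A non-zero exit code is what halts the CI/CD pipeline on FAIL.
    raise SystemExit(1 if status == "FAIL" else 0)
```

With the sample data the old error has only moved from line 40 to line 52, so it is not counted, and the one new warning yields WARN. SARIF also defines a `partialFingerprints` property that tools can emit for more stable matching than message text.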

🔎 Want to learn more?

Website: https://www.ndepend.com/

LinkedIn:
  • https://www.linkedin.com/in/patrick-smacchia-b0123110
  • https://www.linkedin.com/company/3112794/admin/feed/posts/
X: https://twitter.com/ndepend
