Upgrade to Pro — share decks privately, control downloads, hide ads and more …

.NET Day 2023: Clean as you Code: use Roslyn an...

dotnetday
September 02, 2023

.NET Day 2023: Clean as you Code: use Roslyn analyzers to focus on the code you modify

Clean code is crucial for ensuring the maintainability and scalability of software projects. However, it can be challenging for developers to improve the code quality of legacy codebases. In this session, Andrei will introduce the Clean as You Code approach, which empowers developers to take ownership of their code and meet high-quality standards. Using Roslyn analyzers and the open-source tool SonarQube, developers can focus on the code they modify and ensure that it adheres to Clean Code standards. By adopting this low-effort approach, developers can quickly identify and fix code issues, resulting in a cleaner codebase and improved software quality. Over time, by cleaning the code you modify, you improve the quality of the overall code and achieve a more maintainable, scalable, and high-quality codebase.

dotnetday

September 02, 2023
Tweet

More Decks by dotnetday

Other Decks in Technology

Transcript

  1. ©2023, SonarSource S.A, Switzerland. Clean as You Code use Roslyn

    analyzers to focus on the code you modify Andrei EPURE 29.08.2023
  2. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Me - Andrei Epure Developer

    Engineering Manager at ❤ clean code & team work 3
  3. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Agenda Why is Clean Code

    important Static Analysis Clean as You Code My experience at Sonar 5
  4. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro 8 Helen, why do we

    need Clean Code? Because we want our software to be reliable, secure and maintainable.
  5. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro 12 “90% of reported security

    incidents result from exploits against defects in the design or code of software.” (U.S. Dept. of Homeland Security) https://www.cisa.gov/sites/default/files/publications/infosheet_SoftwareAssurance.pdf
  6. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro 13 Helen, why is there

    so much technical debt? Our codebases are the best we could do on the day of the commit.
  7. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro It worked on my machine

    Novice Standard Clean Code Professional Standard 14 Over time, you will learn to improve your standards.
  8. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Helen 10 years ago Standard

    Clean Code Helen Today Standard 15 © Cory Denton from Saskatoon
  9. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro 17 Helen, how can I

    tell if my code is clean? Watch the reaction of your reviewers https://freesvg.org/troll-face
  10. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Sort(x => x.Downloads) xUnit.Analyzers -

    314M StyleCop.Analyzers - 108M Microsoft.Azure.Functions.Analyzers - 31M Microsoft.VisualStudio.Threading.Analyzers - 30M SonarAnalyzer.CSharp - 29M Microsoft.CodeAnalysis.NetAnalyzers - 21M 23
  11. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro xUnit.Analyzers StyleCop.Analyzers - coding style

    Microsoft.Azure.Functions.Analyzers Microsoft.VisualStudio.Threading.Analyzers ❤ SonarAnalyzer.CSharp ❤ Microsoft.CodeAnalysis.NetAnalyzers - built in 24 Sort(x => x.Downloads)
  12. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro 26 Helen, how do tools

    find problems in our code? They use static code analysis.
  13. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro var foo = 4; if

    (foo > 5) Bar(); else Quix(); Static Analysis 29
  14. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro var foo = 4; if

    (foo > 5) Bar(); else Quix(); Symbolic Execution 30 X
  15. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Option 2: The big refactor

    Things You Should Never Do 41 Knowing is not enough
  16. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Focus on New Code :

    added or modified Don’t (re)introduce new issues 43 Clean as You Code
  17. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Clean as You Code after

    1 year after 2 years after 5 years 20% clean code 35% clean code 50% clean code today Your existing codebase gets progressively clean 45
  18. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro New Code Definition • Pull

    Request / Commit • Versions • Number of days 46 Implementing Clean as You Code
  19. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Implementing Clean as You Code

    47 Set up a Quality Gate on new code based on your standard (Quality Profile) Don’t merge unless it is green Don’t release unless it is green
  20. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Clean as You Code DEMO

    Overall Code vs. New Code Pull Request integration SonarLint 48
  21. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro 49 I learn as I

    code I can focus on more important things during code reviews
  22. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro On average, 50% of code*

    gets changed within 3.33 years. *of large open-source projects on GitHub https://github.com/erikbern/git-of-theseus 50 Why does it work?
  23. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro At the beginning of 2018

    there were 1 million LOC Here’s SonarQube 2018 54
  24. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Out of only 1 million

    LOC in 2018 less than 500K remain today Here’s SonarQube 55
  25. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Clean as You Code after

    1 year after 2 years after 5 years 20% clean code 35% clean code 50% clean code today Your existing codebase gets progressively clean 56
  26. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro My experience at Sonar We

    don’t merge PRs with red QG Red QG = broken build (slack notification) 57
  27. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro My experience at Sonar Quality

    Profile Quality Gate - New Code: 95% ccov and no major issues - Overall code: no major bugs/vulnerabilities 58
  28. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro My experience at Sonar In

    three years, for sonar-dotnet, we increased branch (conditional) coverage from 82% to 93% by using a Quality Gate at 95%. 59
  29. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Clean as You Code =

    improve the code you touch: ◦ Set your common standard of clean code ◦ Ensure every commit achieves that standard ◦ Use static analysis to help consistently achieve it 61 Key takeaways Remember this!
  30. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro New issues always appear on

    the “overall code” (new rules, improved techniques). 64 My experience at Sonar
  31. ©2023, SonarSource S.A, Switzerland. AndreiEpure.ro Clean as You Code Happy

    that Roslyn analyzers exist because GenAI will produce a lot of code. 67