How modern static code analysis tools are shaping the future of tech businesses
May 17, 2024 | static code analysis, Article, Software Quality Assurance

Untangling spaghetti code with static code analysis

Imagine a soap bubble that keeps growing until it finally bursts – a metaphor that aptly describes technical debt and code quality in the insurance industry. When companies neglect these aspects, the problem goes unnoticed and the risk bubble keeps growing. Poor code quality often results from a lack of proper coding standards, which is evident in projects where the code has become unreadable.

Constant changes without refactoring the code can lead to a phenomenon known as ‘spaghetti code’, where adding each new feature becomes increasingly difficult and time-consuming, and the consequences of bursting the bubble are usually catastrophic. Systems can fail and customer trust can be lost. Technical debt limits a company’s ability to adapt and innovate, while increasing the risk of customers leaving, discouraged by the lack of stability and reliability of services.

Artificial intelligence (AI) tools have the potential to identify and mitigate some of these issues by analysing code for patterns indicative of technical debt. However, despite their capabilities, AI systems may not fully capture the important context or strategic intent behind some coding decisions, underscoring the importance of human oversight in the review process. Therefore, early detection and remediation of code bugs before they turn into serious security vulnerabilities is key to maintaining a healthy software lifecycle and ensuring business continuity.

What if there was a solution to automate the identification and repair of bugs, thereby reducing the time and cost associated with maintaining code quality?

[Figure: steps of static code analysis]

How to find the best tool for static code analysis

Choosing the right static code analysis tool is key to ensuring high quality and secure software. There are a number of solutions on the market, such as SonarQube, SonarLint, ESLint and Checkstyle, which offer advanced source code analysis features. For example, SonarQube is a leader in continuous code quality inspection, providing detailed analysis and identification of issues in the early stages of development. SonarLint, on the other hand, acts as a plug-in to the IDE environment, allowing developers to analyse code on an ongoing basis as they write.

When choosing a tool, there are several important factors to consider, such as compatibility with the programming languages in use, ease of integration with existing development tools and processes, as well as the scope and depth of analysis. The instruments available on the market also vary in terms of their configurability and adaptability to the specific needs of the project, which is important for effective error detection and elimination.

There are many benefits to implementing the tools in question, such as improving code quality, increasing developer productivity by identifying and fixing bugs more quickly, and reducing costs associated with subsequent repairs in the software lifecycle. In addition, they can help ensure compliance with industry and security standards, which is particularly important in sectors requiring high levels of data protection, such as the insurance industry.


The strategic advantage of static code analysis

In the context of static code analysis, the statistics speak for themselves. Let’s look at the reality: overlooking key OWASP (Open Web Application Security Project) principles when writing and reviewing code can lead to serious consequences. It takes 40 minutes to code review every 100 lines of code. Yes, it is a time-consuming process, but skipping it can mean overlooking subtle flaws that accumulate over time.

Data collected from major insurance companies in Poland, Japan, France, Finland and the UK shows that the average cost of resolving one high-impact issue is €52, and a typical project may contain as many as 2,000 of them. This translates into a cost of more than €470 to resolve the critical issues found in 1,000 lines of code.

[Figure: chart showing how much money good quality assurance saves]

Let’s look at the cost of fixing bugs at different stages of implementation. The total cost of resolving bugs of moderate complexity, which many companies face, can be €1,152 in the test environment and up to €1,920 in production. This emphatically highlights the importance of effective quality and risk management at an early stage. Applying sound Quality Assurance practices can reduce these costs to a minimum, yielding savings of 75%.

The described disparity in expenditure shows how important it is to remove errors before they develop into costly problems. So how do you minimise costs and guarantee quality?


Cutting costs, improving quality: our GoQu solution at Guidewire

This is where the GoQu tool comes in: our innovative answer to the challenges of technical debt and code quality. Using GoQu reduces senior developers’ involvement in the code review process threefold. This is a significant relief for the most experienced members of our teams, who can focus on more complex and valuable tasks.

GoQu also makes it possible to optimise working time. Our tool can analyse 400 lines of code in just one second, saving between 8 and 26 working hours per week. This translates not only into lower costs, but also into faster development work and a shorter time to market.

One of GoQu’s greatest strengths is the increased awareness of bugs in code. With full knowledge of potential risks and areas of concern, development teams can work more efficiently. What’s more, thanks to the QuickFix module, around 20% of all detected bugs can be fixed automatically. This not only speeds up the development cycle, but also improves the overall quality of our software.

Isn’t having such a solution the dream of every company? There is only one way to answer this question. The fact is that GoQu is the only tool of this power for the Gosu language on the market, and we are very happy with it because it provides us with higher-quality code at a lower cost.

However, what really sets GoQu apart is how the direct benefits to the production team translate into value for the customer. More efficient processes at the developer or system integrator give them an advantage in the hitherto uneven battle against code that needs refactoring, and that advantage also becomes a competitive advantage for the customer.


Tools for static code analysis – an investment in the future

Implementing modern tools for static code analysis is not only a strategic investment in software quality and security, but also a key to increasing efficiency and competitiveness in a rapidly changing technological world. Exploring and adapting innovative solutions can significantly accelerate software development, while ensuring that products are not only functional, but also secure and reliable. For technology companies, staying at the forefront of change and utilising available tools for static code analysis means not only surviving, but prospering in the future.


Kacper Ziatkowski – Consultant at Sollers Consulting, Product Manager of QA tools, member of QA Competence responsible for RFP and RFI


Oskar Bergmann – Developer at Sollers Consulting, Deputy of Tech Lead at GoQu, Quality Assurance Specialist