CodeScene
Developer(s) | CodeScene AB |
---|---|
Initial release | 2016 |
Stable release | 6.5
/ 2024 |
Operating system | Any that can run a modern JVM |
Platform | Java |
Available in | English |
Type | Behavioral program analysis |
License | Proprietary |
Website | CodeScene |
CodeScene is a software engineering intelligence platform that combines code quality metrics with behavioral code analysis. It provides visualizations based on version control data and machine learning algorithms that identify social patterns and hidden risks in source code.[1]
CodeScene offers several features that support software maintainability and evolution within large-scale software development environments. The platform delivers several actionable performance indicators that assist software organizations in identifying risks and bottlenecks. CodeScene’s research team employs an evidence-based approach to validate how these indicators are associated with business-critical variables such as development velocity and defect density.
The platform uses its Code Health metric to evaluate the maintainability of source code. Another significant feature is the concept of hotspots which are areas of code that are frequently modified. This concept is inspired by geographic profiling a technique used in criminal investigations, which is reflected in the naming of CodeScene.
By focusing on improving Code Health in hotspots, CodeScene aims to assist software development organizations in prioritizing technical debt mitigation. This approach is intended to enhance the maintainability and quality of software projects.
History
[edit]CodeScene is based on the ideas from the book Your Code As A Crime Scene: Use Forensic Techniques to Arrest Defects, Bottlenecks, and Bad Design in Your Programs[2] by CodeScene's founder Adam Tornhill.
The first version of CodeScene was released in 2016,[3] and the current version is 6.5 which comes with auto-generated PDF reports, architectural code health metrics, quality gates for build pipelines, and can put costs on hotspots.[4]
In January of 2021, CodeScene raised kr 30,000,000 from Inventure and Luminar to expand its business.[5] In August of 2023, CodeScene also raised €7.5 Million in a financing round led by Neqst.[6] [7]
Overview
[edit]CodeScene measures code quality using its Code Health metric. Code Health focuses on how cognitively difficult it is for human developers to comprehend a piece of source code. The metric aligns with the mindset that the best strategy for gauging code quality is to aggregate a set of specific complexity attributes.[8] CodeScene parses source code to identify the presence of established code smells, e.g., ‘’God Class’’, ‘’God Methods’’, and ‘’Duplicated Code’’. The presence of code smells is combined into a numeric value between 1 and 10. The lower end represents extremely poor maintainability, and the upper end indicates top-notch code that is easy to maintain. CodeScene categorizes files into one of three sub-intervals: healthy (9 or higher), warning (between 4 and 9), and alert (lower than 4).
CodeScene includes support for the following programming languages: C, C++, C#, Java, Groovy, JavaScript, TypeScript, Objective-C, Scala, Python, Swift, Go, Kotlin, Visual Basic .Net, PHP, Perl 5, Dart, Erlang, Ruby, React, ECMAScript, Vue.js, Rational Software Architect Models, Clojure, PowerShell, TCL, Apex, Elixir, Rust and BrightScript.[9]
The Software as a service version of CodeScene is available for free for open source projects.[10] CodeScene is also available in an on-premise version that includes more advanced features like continuous integration support, Jira integration for cost calculations, and on- and off-boarding simulations.
Scientific research and impact
[edit]CodeScene is grounded in empirical software engineering research. The company is an active contributor to the academic community through its publication of research articles, organization of academic events, and participation in peer-review service. Examples of large research collaborations supported by publicly funded projects include the European Eureka ITEA3 TESTOMAT project, the Vinnova-backed competence center NextG2Com, and the SESAM project funded by the Swedish Knowledge Foundation.
The majority of academic research concerning CodeScene has concentrated on the validation of its Code Health metric. This metric has been extensively studied to assess its efficacy in identifying software maintainability issues. The research mission at CodeScene aims to frame source code quality as a business concern, not just a technical aspect. The primary research method used by CodeScene is mining software repositories using anonymous log files from static program analysis of proprietary projects. This approach contrasts with the majority of software engineering mining studies, which typically rely on open-source software repositories.
Example findings from empirical studies of CodeScene include:
- Significant differences exist between files with low and high Code Health. Files with alert-level Code Health contain 15 times more defects than healthy files. Moreover, resolving issues in alert-level code requires, on average, 124% more development time, and issue resolutions in such code are plagued by uncertainty as they involve nine times longer maximum cycle times.[11]
- A software development organization's value creation varies across the Code Health spectrum, with strong nonlinearities at the extremes of the spectrum. This study, which received the best paper award at the International Conference on Technical Debt in 2024, indicates that the return on investment for code refactoring is amplified in the upper end of Code Health.[12]
- Project newcomers are particularly challenged when working with alert-level source code, requiring 45% more time for small changes and 93% more time for large changes in low-quality source code. This finding highlights the additional challenges faced by newly onboarded developers in environments burdened by technical debt.[13]
- There is a strong correlation between Code Health and the total number of security vulnerabilities. This study was conducted by independent researchers based in Egypt.[14]
Reception
[edit]CodeScene was featured on the ThoughtWorks Technology Radar[15] as a social code analysis tool.
CodeScene users report that CodeScene is "The right way to manage technical debt", "A new standard for quality assurance", and provides "Insights like never seen before".[16]
CodeScene's free version is used to visualize the case studies in Adam Tornhill's book Software Design X-Rays: Fix Technical Debt with Behavioral Code Analysis.[17]
References
[edit]- ^ Tornhill, Adam (2018). "Assessing Technical Debt in Automated Tests with CodeScene". 2018 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). pp. 122–125. doi:10.1109/ICSTW.2018.00039. ISBN 978-1-5386-6352-3.
- ^ Tornhill, Adam (2015). Your Code as a Crime Scene Use Forensic Techniques to Arrest Defects, Bottlenecks, and Bad Design in Your Programs. Raleigh, North Carolina: Pragmatic Bookshelf. ISBN 978-1680500387.
- ^ Tornhill, Adam. "CodeScene: The First Three Years". CodeScene AB. Retrieved 23 October 2018.
- ^ "CodeScene 4.0: Dawn of a new User Interface". CodeScene AB.
- ^ "De förutspår felaktig kod med hjälp av ai – tar in 30 miljoner". DiGITAL. 17 January 2021.
- ^ "Neqst Investments". Neqst.
- ^ "CodeScene Raises €7.5 Million in a Financing Round". CodeScene AB.
- ^ Fenton, N. (1994). "Software Measurement: A Necessary Scientific Basis". IEEE Transactions on Software Engineering. 20 (3): 199–206. doi:10.1109/32.268921.
- ^ "Supported Programming Languages". CodeScene. CodeScene AB. Retrieved 24 October 2019.
- ^ "CodeScene Cloud plans". Retrieved 23 October 2018.
- ^ Tornhill, Adam; Borg, Markus (2022). "Code red: The business impact of code quality - a quantitative study of 39 proprietary production codebases". Proceedings of the International Conference on Technical Debt. pp. 11–20. doi:10.1145/3524843.3528091. ISBN 978-1-4503-9304-1.
- ^ Borg, Markus; Pruvost, Ilyana; Mones, Enys; Tornhill, Adam (2024). "Increasing, not Diminishing: Investigating the Returns of Highly Maintainable Code". Proceedings of the 7th ACM/IEEE International Conference on Technical Debt. pp. 21–30. doi:10.1145/3644384.3644471. ISBN 979-8-4007-0590-8.
- ^ Borg, Markus; Tornhill, Adam; Mones, Enys (2023). "U Owns the Code That Changes and How Marginal Owners Resolve Issues Slower in Low-Quality Source Code". Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering. pp. 368–377. doi:10.1145/3593434.3593480. ISBN 979-8-4007-0044-6.
- ^ Al-Boghdady, Abdullah; Wassif, Khaled; El-Ramly, Mohammad (2021). "The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT's Low-End Devices". Sensors. 21 (7): 2329. Bibcode:2021Senso..21.2329A. doi:10.3390/s21072329. PMC 8037610. PMID 33810605.
- ^ "Social code analysis". Thoughtworks Tech Radar. Thoughtworks, Inc. Retrieved 23 October 2018.
- ^ "CodeScene Reviews and Pricing". Capterra. Retrieved 24 October 2019.
- ^ Tornhill, Adam (2018). Software Design X-Rays: Fix Technical Debt With Behavioral Code Analysis. Raleigh, North Carolina: Pragmatic Bookshelf. ISBN 978-1680502725.