Hello guys,
Metrics can not only be found in software development but also in everyday situations like news or in your car. But as well as you should not just simply believe printed or shown details you should interpret them correctly. In your car for example the shown data when you hit 100 km/h is not very important until you find yourself in a speed limit of 30 km/h.
And you should be sure that the given information is correct itself. So, it’s very hard to find a tool that brings you comfort in handling and setting up, provides you with all necessary information and creating the benefit you need for your software, maybe a warning when “you are too fast or too slow”.
In this week’s blog post (to be fair, it’s a two-week-post) we talk about clean and safe code and how you can automatically check the quality of your code. We will speak about tools we already use, tools that we want to use and tools that do not meet our requirements. If you have any detailed questions about the software as outlined here, just let us know below.
Initial Situation
As we are using Azure DevOps for planning and managing our project, many metrics are already implemented and working before we already thought about using some additional software. But nevertheless, we wanted (at least) to check out some other metric tools to maybe improve our code much more.
So, we checked the internet for some ideas and suggestions what kind of software there is and what we want for Unidash.
Additional Metrics
We found many different sites with lists of tools that may improve code or deployment and also monitor the system while running.
We’ve seen that there are three categories (for us) that we could split up into different tools:
- Team efficiency/Project planning
- Business agility/Deployment
- Security/Quality Assurance
As we use Azure DevOps, we already implemented nearly every tool that applies to ‘Project Planning’ and ‘Business Agility’. What makes life pretty easy when you choose a powerful tool to host your project (thanks Gino).
So, we concentrated on Security and Quality Assurance. We found different tools for it, which we wanted to check out.
Candidate No. 1: SonarQube
SonarQube checks your code for weaknesses and smelly parts so you can easily find and fix them if you want to.
SonarQube would be a perfect addition to what we already have. We are checking how and where we want to install it as our server and some of our work devices may not have enough power to keep everything smooth, but we are looking into it. We want to centralize it so everyone can use the benefits without having troubles while installing or monitoring it on their local devices.
Addendum by gino
We integrated SonarCloud into our CI/CD pipeline. You can check out the SC project over here.
In order to run this, all we needed to do is to integrate the tasks into our pipeline definition. Check the relevant code section here.
Another perfect supplement would be “Vault” which stores user secrets and app configurations in an encrypted environment. As we use many APIs for Unidash we may want to check this one out.
Addendum by Gino
There is a variety of alternative tools when it comes to secret management. As for most stuff, some tools fit to a specific use-case, some not. Hashicorp’s Vault is a great versatile tool, however, we’ve opted into Azure Key Vault for all microservices as an optional configuration layer.
Azure Key Vault has first-party support for ASP.NET Core and is easy to configure.
Last but not least, we are looking into “Clair” which analyzes Docker Containers for vulnerabilities. It’s another very handy tool if it is set up correctly.
Addendum by Gino
After we published this blog post, we’ve also integrated Azure Application Insights as an optional feature into the back-end projects. Application Insights delivers a handful of useful metrics, such as response times, error codes, external dependencies, etc.
It’s a versatile tool and we are happy with it. Integrating it into our backend is easy as 123: services.AddApplicationInsightsTelemetry(Configuration["APPINSIGHTS_INSTRUMENTATIONKEY"]);
We won’t use Jenkins, which was brought up by @profberk as we already have a perfectly working CI at Azure DevOps.
So far, thanks for reading.
If you have any questions or comments, just let us know below, every comment is highly appreciated.
Cheers and stay healthy,
-RawBean-
2 replies on “Metrics”
Dear Raw Beans Team,
you have written a nice blog. It’s very nice that you explained many different tools and their usage. Even though you haven’t implemented a specific tool now and so could not show refactored code or specific numbers, it would be nice to hear what specific metrics you want to improve. In this context, you could explain at least two example metrics like duplication or complexity.
We are looking forward to your further progress!
Best regards,
The hopper team
Hey guys,
good job this week. We don’t have more to say to your blogpost as The Hopper Team said. We are looking forward to see which tool you will implement in future.
You said you will focus on Security and Quality Assurance. Maybe you can add an explanation of these points to your blogpost.
Regards,
AniflixApp-Team