The course is part of this learning path
This course explores how to manage code quality and security policies with Azure DevOps, and will help those preparing for Microsoft's AZ-400 exam.
It starts by examining the definition of code quality and how to write high-quality code. Next, we’ll look at what goes into code quality scanning and at how SonarCloud can help monitor code quality, and you'll see a hands-on demonstration that shows you how to use SonarCloud in the pipeline.
You'll learn what code coverage means and how to use the “Publish Code Coverage Results” task to report on code coverage. This course also covers security policies, including OWASP and its Top-10 list, as well as looking at a couple of popular security analysis tools.
If you have any feedback relating to this course, feel free to get in touch with us at firstname.lastname@example.org. Any URLs referenced during this course can be found in the relevant lecture transcripts.
- Understand what high-quality code is and how to write quality code
- Learn how to monitor code quality
- Learn how to report on code coverage
- Learn about the OWASP Top Ten
- Understand how security analysis tools can be used in conjunction with Azure DevOps to check code for vulnerabilities
- Learn how to configure SonarCloud in a pipeline
This course is intended for those who are preparing for the AZ-400 exam, or anyone who wants to learn more about managing code quality and security policies with Azure DevOps.
To get the most from this course, you should have a basic understanding of Microsoft Azure and of DevOps concepts.
Hello, and welcome to Code Quality Defined. In this lesson, we are going to take a look at what qualifies as quality code.
When you set out to write code that is required to perform a certain function, you will often find that there is not necessarily one right way to write the code. As they say, there is more than one way to skin a cat. Now, that being said, there ARE wrong ways to write code – and when you fall into bad habits, your code quality will suffer as a result. So, what do you have to do to maintain your code quality?
For starters, the code that you write needs to function as expected. That’s a given. If your code doesn’t do what you want it to do, it really doesn’t qualify as high-quality code, now does it?
Aside from ensuring that your code performs as expected, you must also ensure that your code is clear and readable. This is important because you are likely not going to be the only one reading your code and trying to modify or enhance it. If it isn’t clear, it’s going to be difficult for others to work with it.
Speaking of others working with your code, it’s also critical that your code be thoroughly documented. Your documentation should be clear enough that others can follow it.
While readability and documentation are critical to maintaining code quality, efficiency is also important. That being the case, it’s critical that your code runs efficiently. If your code can complete a task in 2 seconds instead of 10 seconds, make that happen – and make it happen without wasting resources – because resource waste isn’t all that efficient.
So, now that you have a clean set of code that’s documented, readable by others, and efficiently performs the task it was meant to perform, you have to ask yourself, “Is my code maintainable?”
While the previously mentioned characteristics are important to creating quality code, the maintainability of the code is also important. So, what this means is that you have to write your code in a manner that makes it easy for others to work with it. To do this, what you really want to do is eliminate overly long code modules.
There are several other characteristics of quality code. They include style, extensibility, and security.
When writing code, the code should always adhere to agreed-upon standards that might include specific coding standards, formatting standards, and naming standards. Every person that will be working on your code should recognize these standards and they should adhere to them.
Because code will often evolve over time – sometimes rapidly, the code that you write must be extensible. If it’s not, these evolutions over time can become painful and time-consuming.
Lastly, code must be secure. In today’s world, this is really the most important characteristic of quality code. Because security breaches and holes can be created through poor coding practices, it’s important that you keep security at the forefront when writing your code.
Now, in utopia, your code would meet all the qualifications that we previously touched on. But this isn’t utopia. In reality, your code isn’t going to rate highly for all of these qualifications. That’s just a fact of life. That being the case, you have to be aware of the technical debt that you incur whenever you write “less than stellar” code – because the more that your code fails in any one of these areas, the more technical debt it is going to incur.
So, if you know what it takes to write quality code, how does poorly written code happen?
Well, if you ask most coders, they will usually give you the same answer: tight deadlines. This is because when a developer is tasked with getting a project done quickly, they will usually be forced to take shortcuts. These shortcuts allow the developer to get the code written more quickly, but at a cost.
For example, instead of refactoring an existing method to include new functionality, the developer will often just copy the method to create a new version. Coding in this fashion is certainly faster than the refactoring and the testing that would otherwise be necessary.
An organization with no defined coding standards will also result in poor code quality because the organization’s developers won’t really know what they should be producing.
There are, in reality, all kinds of reasons for poor quality code development. But the ones I mentioned already, along with a simple lack of technical skills, are really the main reasons.
To help improve code quality, what you should do is implement automated code testing. This is because automated testing can help identify issues without manual work involved.
At the end of the day, it’s critical to maintain high-quality code, because regardless of how poor code comes to be, the end result is that the DevOps people wind up spending the majority of their time on fixing bugs, rather than delivering better functionality to your customers.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.