Hi,
Using SonarQube 9.4, Dev Ed, 1MLOC, with .NET Scanner.
Basically, I am looking for metrics of how many days of dev has SonarQube saved us, while scanning pull requests. An argument to show when discussing whether Sonar brings value, while scanning PR-s. I looked through each and every metric on Activity tab of SonarQube admin panel, but did not find any metric to track changes, just to track absolute values. I just refuse to calculate the deltas on my own…
So what I thought:
Every PR is scanned, and quality gate blocks PRs, which do not match the expected metrics values from merging. This means, that some PRs do not pass the Code Review due to failure on Quality Gate. The issues in the report are valued in time of development to fix them. Doesn’t matter now if valuation is right or wrong. It’s just an estimate. The 1st report sets a reference point regarding code quality on this branch.
Developer fixes issues pointed in 1st Sonar report, and commits changes. Then, CI server builds updated PR on this branch, and Sonar gets a 2nd report for the same PR.
Most of the time, the first and 2nd Sonar report for the same PR differ. Bugs get fixed, vulnerabilities patched, code smells removed, but oftentimes not all, but the most important from developer’s point of view. This leaves some bugs unfixed, code smells not removed etc. Each of the remaining issues has developer time neccessary to fix value.
Now, isn’t that the estimated time to fix issues on 1st report, minus the time remaining on 2nd report, is the code quality improvement, that can be attributed to Sonar?
Speaking time-wise is a bit unjustified there, as automatic time estaimates are all but precise. So why not to make it a ‘timeless’ ratio: time to fix issues from 1st report minus time to fix issues from 2nd report, and the subtraction divided by time to fix issues from 1st report.
I can’t see a ways to display such metrics of code improvement:
Am I missing something, or it’s just not there?
Kind regards,
Michal