How to perform the Code Quality analysis in PWSLab to locate code issues?

How to perform the Code Quality analysis in PWSLab to locate code issues?

Introduction

Improve the code quality of your project with PWS Code Quality Analysis.

It's a static quality analysis job for your code. What it does is nothing more than scanning all your code looking for duplication problems, code smells and other assorted problems. Serving as a mini code review of your code and thereby helping you improve the code quality of your project before you deliver it to production.

Code Quality Features

  1. It helps you to get a better handle on providing a sense of the implicit quality of your product.
  2. It detects areas in code that needs re-factoring / simplification.
  3. Identify potential code quality issues during the development phase before the software goes into production.
  4. Detects programming errors or flaws and shows them to you.
  5. During a code review, you can find issues in the code that you would not find in the testing phase.
  6. It helps you in removing any single point of failure.
  7. It helps you and your team to make better estimates and release planning.
  8. It helps you to detect the defects earlier in-order to reduce the cost of defects.

How to identify code issues?

PWSLab gives you a way to analyze your git code repositories for these defects. The analysis is fully automated to fit perfectly into a CI/CD workflow for defects detection before they reach production. PWSLab Codequality runs using certain leading opensource packages like Code Climate.

Once the Code Quality job is done, all the code analysis metrics are rendered as an HTML report into PWSLab Job Artifacts. 

After running the Code Quality job, PWSLab writes the report into Job Artifacts as pws_codequality.html. Open it and start investigating the results to identify code issues.
For Code Quality configuration in your PWSLab project's pipeline, please raise a DevSecOps Support Request.

Support Ticket Guidelines and Information Required

PWSLab Job Environment Variables:

Variables
Description
PWS_EMAIL_STATUS
Set "true" or "false" for receiving Code Quality reports as email notifications.
PWS_EMAIL_RECIPIENT
Set the Email Recipient for receiving Report email notifications if PWS_EMAIL_STATUS is set as "true".
PWS_HUB_USER
Set PWSLab Docker Hub Username
PWS_HUB_PASS
Set PWSLab Docker Hub Password
PWS_CODE_QUALITY_DISABLED
Set this variable "true" to disable Code Quality job.

Please raise a DEVSECOPS Support Request in the PDS Department providing the below information:
  1. Which branch/es do you want the Code Quality to be configured for?
  2. Do you want this job to run every time a code-commit is pushed?
  3. Do you want this job to run for a specific branch like UAT after merge requests are accepted by maintainers? So, before anything is merged to MASTER, code quality is analyzed.


Have more questions? Please email us at support@peerxp.com
Also, let us know if the article is helpful!

    • Related Articles

    • List of PWSLab CI/CD Environment Variables

      Introduction This document enlists a set of pre-defined environment variables accepted by PWSLab CI/CD for the local environment of the Runner. These can be referenced directly in the .pwslab.yml file or via the Project's Settings > CI/CD > ...
    • How to run Code Audit in PWSLab to detect secret leaks?

      Introduction - Quickly learn if secrets have been leaked Do you store unencrypted passwords, secrets and any other unwanted data types in your git source code repositories? A recurring problem when developing applications is that developers may ...
    • How to use SonarQube for Automated Static Application Security Testing in PWSLab?

      What is Static Application Security Testing? Static Application Security Testing or SAST is a collection of techniques and algorithms to analyze source code and automatically find potential errors or poor coding issues. The idea is similar in spirit ...
    • How to use automated Dynamic Application Security Testing in PWSLab?

      Introduction In a Rapid Application Development Cycle, security teams often initiate DAST tools to locate vulnerabilities just before the launch of a new product or a new version of the previously-launched product. This became non-scalable and ...
    • PWSLab Git Workshop - Useful commands and concepts

      Agenda A brief history of Git. PWSLab walkthrough. Configure your environment. Workshop. Git Introduction Visit: https://git-scm.com/about Distributed version control. It does not rely on a connection to a central server. Many copies of the complete ...