Insights /

Uncovering hidden risks: the guide to code analysis tools for software systems

Uncovering hidden risks: the guide to code analysis tools for software systems

Robert Balaban
Senior Data Engineer

Organizations today rely on powerful and sprawling legacy applications to get their work done. This software is responsible for both internal workflows and external communications, and ensuring it runs smoothly is a critical business priority.

With that said, it can be difficult to keep the systems updated over time. Implementing changes is a process that incorporates the input of numerous engineers through the years. Personnel will inevitably move on and off of the project or leave the company entirely, meaning the team working on a piece of software today may have no connection to the engineers who initially created it.

This system of gradual development and updates can lead to unintended consequences, such as unruly, poorly tracked code and the excess tech debt that comes along with it. Organizations may find that even simple updates to their vital applications take excessive amounts of time and money to complete.

Modern, IT-driven code analysis tools can help engineers cut through this web of complexity, delivering a nuanced look at a codebase. With these tools, it’s possible to see:

This information can make all the difference for engineers. With a clearer view of the nature and provenance of code, these employees can deliver intelligent changes that will set up the software for better long-term health.

What are the consequences of not taming code complexity?

Code complexity is a very common issue afflicting companies today, but its normality doesn’t mean it’s harmless. Businesses rely on their applications to be their public faces. If they’re unable to quickly and economically push updates live, they may end up delivering a subpar user experience, or even letting security risks linger in their code.

This is the real damage inflicted by tech debt. Actions that should be simple and affordable begin to demand disproportionate amounts of resources, limiting the whole organization’s ability to succeed. Complex code that has evolved with insufficient oversight naturally inflicts such high levels of tech debt.

In addition to tech debt, overly complex code can hide dangerous issues. Bugs, risk factors and general security flaws may go undetected in a codebase that has evolved in unpredictable ways over time, especially if the engineers who initially worked on the system have left the company in the interim.

Furthermore, code that has been poorly tracked and has become overly complex has a high “bus factor.” This is a measure of specialist knowledge in a few engineers—colloquially, if the personnel was hit by a bus, would the lost information and capabilities cause massive harm to the whole coding operation? No bus is required: If that employee departs the company at all, their absence can leave the project in disarray.

How and why do codebases degrade over time?

One of the most troublesome aspects of codebase degradation is the fact that it occurs naturally. There’s no need for some major part of a development process to go wrong—over time, code simply tends to become hard to manage effectively as engineers come and go from the project.

A graph that shows the progress of lines of code added and deleted since the beginning of the year (1/1/2023 )in the React Open Source Repository. Analyzed with CodeMaat and Python.

As new engineers put their stamp on the code and previous members leave the team, taking their knowledge with them, complexity tends to creep in. When engineers use clever workarounds and similar methods to solve short-term problems, they may end up creating long-term issues for the next group of developers who take on the codebase.

Beyond the simple factors of time and team attrition, there are other factors causing code complexity. Perhaps most prominently, development teams can integrate multiple systems and technologies, creating interdependencies. Rather than containerizing systems, engineers let them interact too much, which brings in added complications.

Though these issues are common and affect numerous organizations, they still merit a response. Companies have found ways to fight back over the years, some more effective than others.

What were the traditional methods of acting against code complexity?

Since code complexity is a longtime issue, there are legacy methods of dealing with the problem. These historic methods of detecting and responding to complex codebases have typically suffered from issues of their own—namely, they require excessive time and effort to follow.

Engineers conscious of increasing code complexity have traditionally turned to an increase in manual documentation to keep better track of changes over time. They have also performed more unit tests and refactored their code more often to prevent complicated and nonstandard code from sprawling out of control.

The additional work associated with these strategies comes from the fact that they lack automation. Engineers have to consciously follow through on these methods, undercutting the benefits of reducing tech debt.

How do modern code analysis tools help engineers?

The latest methods of detecting and responding to code complexity involve tech tools that take some of the work out of engineers’ hands and make their day-to-day workflows significantly easier. This is where systems like Code Maat can make a positive impact on development.

Code Maat’s main purpose is to detect layers of change within codebases. This can take the form of an easy-to-interpret timeline, pointing out which engineers changed which lines of code and when. Tracking interactions also allow the tool to point out patterns that indicate excessive code age, along with coupling and sites of code churn.

The software is based on its developer Adam Tornhill’s theory of forensic code analysis. Reconstructing what has happened to code is a way to point out opportunities for improvement and likely ways forward.

By using such a modern code analysis tool, engineers can craft visualizations and graphs that put issues with their code into forms they can understand quickly. This process resembles the use of analytics tools in general industry contexts and turns close code inspections into a user-friendly part of the workflow.

A graph representing a summary of the React Open Source codebase since the begging of the year (1/1/2023). Analysis with CodeMaat and Python.

By highlighting the places that demand attention—whether due to excessive churn and changes, work from numerous engineers, greater age than the rest of the code or a lack of containerization—these visualizations give team members clear direction. Working on the indicated sections of the codebase is a quick way to take direct action and get complexity back under control.

What goes into the process of using code analysis tools?

Code analysis tools like Code Maat are a secret weapon for engineers to wield against the complexity that regularly appears in their legacy applications. These solutions turn the manual process of sifting through metadata into a highly automated kind of digital detective work, creating a useful trail of clues that help developers direct their efforts.

Rather than telling engineers exactly what to do, these solutions point personnel in the right direction by highlighting parts of the codebase that have undergone unusual activity.

Often, such areas of focus are hotspots, files that have been touched by numerous developers over the years. Maybe those engineers were adding patches, addressing bugs or refactoring, but in any case, the parts of the code that have received this level of attention are at risk of growing to unruly levels of complexity and needing attention.

There are also more precise uses of code analysis tools—for example, they can highlight all the areas worked on by a specific engineer. If someone is set to leave a project, it’s possible to identify what they’ve worked on. This will help the rest of the team ask that contributor to share their knowledge before they depart.

A graph representing author entity effort on the React Open Source codebase. We can clearly see who revised which file compared to the total number of revisions, allowing us to identify code owners more easily. Analyzed with CodeMaat and Python.

Sometimes, a piece of code demands attention not because it has received too many changes, but because it has seen too few. Old code that hasn’t changed in years may demand a refresh to bring it up to modern standards. Areas featuring too many dependencies are also worth detecting and addressing.

The overall process of using a code analysis software tool simply involves giving engineers a clearer set of priorities to tackle. What to do about those areas of interest is still up to them.

How can a Transcenda engagement help with your code?

When it’s time for your organization to take a close look at its legacy applications and tame their codebases, your internal engineers don’t have to perform this important work alone. You can engage with experts from Transcenda to find a way forward for your software tools, and this engagement can take several forms.

Whether you need guidance from consultants or a more hands-on and embedded kind of project, Transcenda can deliver the type of experience that will best suit your organizational goals. At the beginning of the engagement, the team will use code analysis tools such as Code Maat. This level of data-driven inspection ensures that engineers are addressing the areas of the legacy code that most need attention.

When projects are guided by modern code analysis from the beginning, they can deliver better results with less manual effort. Considering the important role applications play in modern business, these projects have never been more important.

Contact Transcenda to find out how our experts can put their technology and expertise to work for your organization.

Robert Balaban is a Senior Data Engineer at Transcenda. With a strong focus on data pipeline design, optimization, and data-driven decision-making, Robert’s focus is transforming raw information into actionable insights.

Subscribe to receive the latest industry insights and news about Transcenda

Related Articles: