Code Quality and Standards

High-quality code and consistent standards provide numerous benefits to software development overall improving the readability of the code and making it easier to maintain and understand.

Code Programming Language

Where possible adopt industry standard toolsets and languages which are supported by a large company or have significant open source community, have a large following and actively improved over time.

Typical languages include C#, SQL, Python, Java etc.

Avoid languages which require royalty payments or licences for usage - this can include some versions of Oracle Java.

The above guidance is not applicable in a retrospective manner with an already established product.

Coding Standards/Best Practice

It isn’t possible to provide a single set of pre-defined standards which would be applicable to all due to the variety of technologies in existence. However each company is required to:

1. Adopt a coding standard and ensure it is documented. Standards will vary based on your industry and technology stack. Instead of creating new standards, use existing industry-standard ones when possible. Consider adoption of CERT standards. Useful reference
   Coding Standards and Best Practices to Follow | BrowserStack
2. Coding standards should be introduced to developers during their onboarding and induction process.
3. Where possible enforce these standards through:

• regular (human) code reviews
• automatically during code check-ins using static analysis tools like SonarQube - rejecting code that doesn’t meet the standard.

4. Standards should be consistently applied across all projects & products (this is easier if using a tool)

Documentation

Comprehensive documentation must be created for all code and systems, this ties in with the requirements in

Documents must include:

1. Diagrams of the system components - adopt the C4 model as a standard 4 layer model - https://c4model.com/
2. Instructions on how to build and compile the code, including how to setup a developer machine to do this.
3. Instructions on how the code is deployed and configured into a test and production environment (for example pipelines or manual configuration)
4. Documentation on what infrastructure is needed to support the application
5. Documents covering any overly complex or intellectual property (IP) parts of the code/system.

Testing

Ideally testing is carried out by both developers and test engineers, both skillsets compliment each other to provide a wide coverage of scenarios and technical tests.

Testing must cover:

• Unit testing of code modules - typically through an automated test framework at build time. These tests are typically written by developers.
• Automated testing of the system - both via the user interface and through the use of test harnesses for API services.
• Introduction of “mocks” and “stubs” to emulate 3rd party services to aid testing.