jade rubick
Edit this page on github

šŸ“ˆ Metrics tooling

Engineering metrics and measurement tools including DORA metrics, SonarQube code quality analysis, and Core4 framework insights.

DORA measurements

  • https://devlake.apache.org/ ā€œdoes a good job of pulling metrics for freeā€.
  • Datadog has a DORA module that is ā€œfreeā€.

Other engineering measurements

  • Core4 is a later iteration on DORA and SPACE metrics.

SonarQube

I have an acquaintance that is doing some due diligence on SonarQube, and I offered to collect some information for him. Anyone have experience with it or similar tools, and willing to answer these questions?

Is the solution a nice to have or essential for any modern, high velocity eng team?

  • ā€œIā€™ve used it at three startups. It depends, but I can say the following: While you can do fine without it, Iā€™d say itā€™s a ā€œmust-haveā€ if you can work with it.ā€
  • ā€œProbably more essential than not. It comes up on security questionnaires very often, so if youā€™re a SaaS then you probably need it. It provides generally useful data, although someone has to parse the output and usually make prioritization decisions.ā€
  • ā€œI think itā€™s essential. I use this as part of my SOC2 compliance, leaning particularly on gating commits on sonar runs passing & peer review. It also is checked in security questionnaires.ā€

What is the preference (assuming value prop is strong/clear) between a self managed solution versus a cloud one?

  • ā€œIā€™d recommend a light self-hosted POC to see how it goes before jumping into a paid SaaS.ā€
  • ā€œI use Sonarcloud, we pay with a CC on lines of code, ~$150 a month for covering all prod repos managed by about 45 engineers. Itā€™s a slam dunk on cost to value.ā€

Advice:

  • Find a team whoā€™s interested in it/or interested in trying it out, and let them experiment with it (that should be 150-200 USD); let them tinker with it for a while, and keep gathering feedback/metricsā€¦ within a few weeks (6+) youā€™ll have some data to make a decision.

  • If the team is resistant to change or believes they donā€™t need it, it will be challenging, especially when SonarQube will spam them while pointing out every l ittle detail in their code (they might hate it)

  • Itā€™s hard to roll out, especially initially. There are settings for ā€˜a line in the sandā€™ where commits that donā€™t make things worse pass, but old stuff doesnā€™t need to be cleaned up.

  • It helps tremendously to have advocates for this, pairing a rollout with good IDE settings to let a dev know before they commit if itā€™ll pass.

  • You need to teach folks why youā€™re doing it, otherwise itā€™s just a hurdle.

  • I would also recommend a slow rollout, find your advocate, pick one repo, educate the contributors, ā€¦, profit.