Code integrity

Code integrity is a measurement used in the software delivery lifecycle. It measures how high the source code's quality is when it is passed on to QA, and is affected by how thoroughly the code was processed by correctness-checking processes (whether manual or automatic). Examples for such correctness-checking processes can be unit testing and integration testing, code review, test automation, AI-based code analysis etc.^[1] Code integrity is the combination of applying code correctness processes (software quality) along with metrics that measure the completeness of these correctness-checking processes, such as, for example, code coverage. While code integrity is usually achieved by unit testing the source code to reach high code coverage, it is definitely not the only way, or the best way, to achieve code integrity. In fact, code coverage, a popular metric to measure the thoroughness of unit tests, is known to have a limited correlation with the measure of real code integrity.^[2]

Developer's confidence

Code integrity is not just about the correctness of the code, but also about developers’ confidence regarding correctness of their code. With code integrity, the developer can be sure that his/her code is written correctly when passed on to QA. This is, in fact, the expected quality level of the code. Code integrity helps developers and companies release better products, with fewer bugs, in a shorter time.^[3]

Shift-left testing and shift-left code integrity

Companies who practice code integrity avoid the classic scenario where the development stage is delayed, delaying the QA stage, delaying the release stage. Products of companies that do not adopt code integrity are released with more bugs (due to time pressure), users report tons of bugs back to the development team, and they start working on version 1.1 shortly after releasing version 1.0, just to fix bugs that could have been avoided.^{[citation needed]}

Shift-left testing is a method to perform related testing during the initial processes of software development, since the QA department cannot measure the code's integrity even after all their tests are run. Shift-left testing and code integrity are tightly connected but integrity consists not only of the testing part of the job which is a sub-task of the larger process of shift-left code integrity. This process not only applies more unit tests along with higher code coverage, but also involves various other correctness-checking processes against relevant data.^[4] Here are some examples:

• Unit testing of the code
• Integration testing
• Code review
• AI-based code analysis
• Automatic testing
• Assigning a code integrity manager

Examples of correctness-checking completeness metrics

• Pure code integrity metric formulation is: 1 − (Non-covered bugs) / (Total bugs), In words: the perfect code integrity minus the number of bugs that weren't covered by unit testing, divided by the total bugs found during the entire product cycle including development, is the code not in integrity.
• Different types of code coverage (line-coverage, branch-coverage etc.)
• Mutation testing

Advantages of shift-left code integrity

• Shorter development time - bugs that are found during the development stage are fixed faster and easier than bugs found in later stages.
• Lower development costs – It's cheaper to fix bugs that are found during the development stage than in later stages.
• Confidence in your code's quality – Releasing products with high code integrity means more positive feedback from your customers.
• Makes the QA's work much more efficient – The QA concentrates on testing the system, without worrying about bugs that could have been easily found through proper unit testing.

Shift-left code integrity enablement

This concept is based on the fact that developers would be able to make full use of the technological advantage if they have the relevant testing tools available to them from the start. As newer software become more and more complex and includes more dependencies, including the right side of the V-model in developers' roles will help them to assume control of the unit testing & integration processes.^[3][5] The result will allow developers to bring up complete environments in many software companies. This trend is expected to continue because in many cases it is impossible to perform unit/integration testing without the full system's context.^[6]

References

1. Sharma, Tushar; Kechagia, Maria; Georgiou, Stefanos; Tiwari, Rohit; Vats, Indira; Moazen, Hadi; Sarro, Federica (2021). "A Survey on Machine Learning Techniques for Source Code Analysis". arXiv:2110.09610 [cs.SE].
2. Hemmati, Hadi (2015). "How Effective Are Code Coverage Criteria?". 2015 IEEE International Conference on Software Quality, Reliability and Security. pp. 151–156. doi:10.1109/QRS.2015.30. ISBN 978-1-4673-7989-2. S2CID 7305779. Retrieved 15 March 2023.
3. Gadi Zimerman (11 November 2022). "Tests are not enough – Why code integrity matters?". Retrieved 16 March 2023.
4. Bjerke-Gulstuen, Kristian; Larsen, Emil Wiik; Stålhane, Tor; Dingsøyr, Torgeir (2015). "High Level Test Driven Development – Shift Left". Agile Processes in Software Engineering and Extreme Programming. Lecture Notes in Business Information Processing. Vol. 212. pp. 239–247. doi:10.1007/978-3-319-18612-2_23. ISBN 978-3-319-18611-5. Retrieved 15 March 2023.
5. Rook, Paul, E. Rook (1986). "Controlling software projects". Software Engineering Journal. 1 (1): 7–16. doi:10.1049/sej.1986.0003. Retrieved 15 March 2023.
6. Mowad, Abrar Mohammad; Fawareh, Hamed; Hassan, Mohammad A. (2022). "Effect of Using Continuous Integration (CI) and Continuous Delivery (CD) Deployment in DevOps to reduce the Gap between Developer and Operation". 2022 International Arab Conference on Information Technology (ACIT). pp. 1–8. doi:10.1109/ACIT57182.2022.9994139. ISBN 979-8-3503-2024-4. S2CID 255419041. Retrieved 15 March 2023.