OverOps, a provider of tools for dynamically analyzing code at runtime, has partnered with SonarQube, a provider of static analysis tools for source code, to enhance application quality by unifying code analytics.
Chen Harel, vice president of product for OverOps, said the two companies have collaborated to create a plugin through which DevOps teams can now more easily analyze source code before it gets deployed in a production environment.
The goal is to equip DevOps teams with the tools required to assure application quality as more responsibility for maintaining applications continues to shift left onto the shoulders of developers, said Harel. In the absence of tools to analyze code, he noted, developers are not going to be able to identify, for example, potential vulnerabilities in source code and errors at runtime.
The plugin also allows issues identified by OverOps at runtime to be fed back into the SonarQube tools for analyzing source code to identify issues that previously would not have been discovered, he added.
Specifically, when the OverOps plugin is installed, it automatically creates an event rule for Java code based on new, critical, resurfaced and unique runtime errors. When a quality gate fails a release based on these criteria, users can view the issues directly within their SonarQube dashboard. OverOps then provides a direct link to the event analysis containing the full context behind the error, including the stack trace, variable state and system state.
As a result, Harel said DevOps teams are going to be able to reproduce an issue much faster, which should result in much shorter times to remediation. Without such tools, DevOps teams can spend weeks reproducing an error that only takes a few minutes to actually fix.
Harel said with both the OverOps and SonarQube tools included as part of the gates set up within a continuous integration/continuous delivery (CI/CD) platform, it becomes possible to substantially improve the overall quality of the applications being developed. That’s critical because developing applications faster often results in more errors having to be addressed, said Harel.
There’s a lot of debate these days concerning the degree to which the adoption of DevOps might be increasing the total cost of IT. It’s a lot more expensive to fix an application after it’s deployed in a production environment than it is to address issues as they arise in the application development process. As such, there’s a lot more focus on code analytics to help ensure that DevOps processes are churning out not just more code faster but also higher quality applications.
Of course, the level of DevOps sophistication tends to vary widely by organization. However, the more gates that address application quality assurance are erected on CI/CD platforms, the better the DevOps outcome will become. The challenge is making sure the DevOps culture being fostered prizes application quality as much as it does the volume of code being written and the speed at which it is deployed.
— Mike Vizard