Code Quality

What is Code Quality?

Code quality is calculated by running a set of checks on the source code of each component.

This includes direct and transitive dependencies.

List of Code Quality Checks

  • Binary Artifacts: Does the project have generated executable (binary) artifacts checked into its source repository?

  • CII Best Practices: Does the project have a CII Best Practices badge?

  • Fuzzing: Does the project use fuzzing in OSS-Fuzz?

  • Pinned Dependencies: Has the project declared and pinned its dependencies?

  • CI Tests: Does the project run tests before pull requests are merged?

  • Code Review: Does the project require a code review before pull/merge requests are merged?

  • Maintained: Is the project actively maintained?
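
As an added illustration, not this product's own implementation, the following Python prototype of two of the checks above (Binary Artifacts and Pinned Dependencies) runs over a constructed in-memory repository snapshot; the detection rules, file names and the commit SHA are assumptions made for the example.

```python
import re

# Extensions and leading magic bytes that mark compiled or packaged binaries.
BINARY_EXT = {".exe", ".dll", ".so", ".dylib", ".jar", ".class", ".o", ".a", ".wasm"}
MAGIC = (b"\x7fELF", b"MZ", b"\xca\xfe\xba\xbe", b"\xcf\xfa\xed\xfe", b"PK\x03\x04")
SHA40 = re.compile(r"^[0-9a-f]{40}$")  # a full git commit SHA is an immutable pin

def is_binary_artifact(path: str, data: bytes) -> bool:
    """True if a checked-in file looks like an executable or packaged binary."""
    name = path.rsplit("/", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in BINARY_EXT or data.startswith(MAGIC)

def unpinned(path: str, text: str) -> list[str]:
    """Return dependency declarations in `text` that lack an exact, immutable pin."""
    hits = []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith(("#", "-r", "--")):
            continue
        if path.endswith("requirements.txt"):
            if "==" not in s:  # ranges (>=, ~=) and bare names float
                hits.append(s)
        elif path.endswith((".yml", ".yaml")) and "uses:" in s:
            target = s.split("uses:", 1)[1].strip()
            if target.startswith("./"):  # local action, nothing to pin
                continue
            ref = target.split("@", 1)[1] if "@" in target else ""
            if not SHA40.match(ref):  # tags and branches can be moved
                hits.append(s)
        elif path.endswith("Dockerfile") and s.upper().startswith("FROM "):
            if "@sha256:" not in s:  # image tags are mutable, digests are not
                hits.append(s)
    return hits

def run_checks(files: dict[str, bytes]) -> dict[str, bool]:
    """Evaluate two of the listed checks over an in-memory snapshot of a repository."""
    binaries = [p for p, d in files.items() if is_binary_artifact(p, d)]
    floating = [h for p, d in files.items() for h in unpinned(p, d.decode("utf-8", "replace"))]
    return {"Binary-Artifacts": not binaries, "Pinned-Dependencies": not floating}

# Constructed sample snapshot; the 40-hex commit SHA is a placeholder, not a real commit.
SAMPLE_REPO = {
    "requirements.txt": b"requests==2.31.0\nflask>=2.0\npyyaml\n",
    ".github/workflows/ci.yml": b"steps:\n  - uses: actions/checkout@v4\n"
    b"  - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567\n",
    "Dockerfile": b"FROM python:3.12-slim\nRUN pip install .\n",
    "tools/helper.exe": b"MZ\x90\x00",
}
```

Calling `run_checks(SAMPLE_REPO)` reports both checks as failing for the sample, because of the checked-in `.exe` and the floating `flask`, `pyyaml`, `@v4` and image-tag references.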

Understanding Code Quality

  • The count of components that have code quality issues is displayed on the left, along with the category of the components (open-source, private, third-party, unknown).

  • The code quality issue count is displayed on the right, grouped by severity (critical, high, medium, low).

  • Each tile is clickable and lists the components matching that filter in a table view. The table shows the component name, version and a capsule for the code quality checks.

  • Clicking the code quality checks capsule shows the next level of details, as shown below.

  • Clicking any row opens the side sheet, as shown below.
