Code Quality

What is Code Quality?

Code quality is calculated by running a set of checks on the source code of each component.

This includes direct and transitive dependencies.

List of Code Quality Checks

  • Binary Artifacts: Has the project generated executable (binary) artifacts in the source repository?

  • CII Best Practices: Does the project have a CII Best Practices badge?

  • Fuzzing: Does the project use fuzzing in OSS-Fuzz?

  • Pinned Dependencies: Has the project declared and pinned its dependencies?

  • CI Tests: Does the project run tests before pull requests are merged?

  • Code Review: Does the project require a code review before pull/merge requests are assimilated?

  • Maintained: Is the project actively maintained?

Understanding Code Quality

  • Count of components that have code quality issues is displayed towards left, along with the category of the components (open-source, private, third-party, unknown).

  • The code quality issue count is displayed towards the right, grouped by severity (critical, high, medium, low).

  • Each tile is clickable which will list down the components applicable to that filter in a table view. The details will list the component name, version and a capsule for code quality checks.

  • By clicking the code quality checks capsule, next level details will be shown as below.

  • By clicking on any row, the sidesheet shows up as shown below.

PreviousSecurity PostureNextSuppliers & Licenses

Last updated