Thinking about building your own multi-language custom source code analyzer platform using open source components? Sure, the upsides seem to add up: no licensing fees, great customization ability, and an impressive new entry on your resume (making it even shinier). Read that project charter once more before you sign it in ink, because our experience has shown it’s not quite that simple.
Source Code Analyzer: What is under the code?
First, what we mean by “multi-language custom source code analyzer platform” is a platform that analyzes all the source code underlying your critical custom software applications and projects, and:
- Delivers consistent and business-relevant measurements, trends, and benchmarking
- Enables staff to identify and address flaws causing instability and excess complexity
- Provides insights on the trajectory of code quality and complexity
- Analyzes flaws at both the code and component interaction levels across all technology layers
Anything less would leave your applications difficult to manage, your users unsatisfied, and your management team in the dark.
Hidden Costs of Building an Open Source Code Analyzer
This is a big undertaking. Yes, you’ve seen much bigger projects, but this one comes with significant hidden costs:
- Scarce Expertise – Open source doesn’t automatically mean easy-to-integrate. In fact, many times, it means quite the opposite. Many companies resort to hiring expensive code quality consultants when it’s time to integrate the results. And, if this happens in the middle of the project, after your team has thrown in the towel, it can be extra costly.
- Training – Sure, you can develop your own source code analyzer and parsing expertise. But, it takes time, money, and you have to be sure you can retain the talent once they are trained.
- Project Scope Creep – Currently available open source code analyzers are mostly based on Java. If your applications are based in C, COBOL, .Net, or other commonly used languages, you may need to purchase or extend additional custom code analyzers. This means a significant expansion in the original scope of the project.
- Inability to Scale – Many open source code analyzers work very well at the individual developer or small team scale. However, organization-wide adoption of code analysis requires sharing of information, easily accessible visibility, and meeting the technology needs of the entire organization. Often, companies see huge hurdles to adoption or outright abandonment because it was simply not useful for everyone.
- Opportunity Cost – We estimate that it takes two resources over five years to build an adequate software quality analysis platform (10 man-years) for a specific environment. That means these management and development resources have to deprioritize tasks that may have better returns.
- Waiting for Return – Typically, the value of software quality analysis and the processes implemented to address it begins to materialize 6 - 12 months after initial implementation. Building your own means that the return is that much further down the timeline.
An off-the-shelf solution will not only help you avoid the above hidden costs, but also deliver immediate code quality improvements. Plus, a proven provider will help you navigate through challenges that you may face during implementation.
This is the first in a series of two blog posts. In the next post, we will look at the hidden costs of owning and maintaining your own software quality analysis platform based on open source components.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target’s systems, customized quality metrics, and liability implications of open source components, all three of which are critical for M&A due diligence.