Enterprise Software Supply Chain Manager (ESSCM)
Code Quality
Code quality metrics and technical debt assessment
The Code Quality tab provides insights into maintainability, technical debt, and code health metrics for your project's dependencies.
Overview
Code quality analysis helps you:
- Assess dependency maintainability
- Identify technical debt
- Evaluate community health
- Make informed upgrade decisions
- Track quality trends over time
Quality Metrics
Maintainability Index
A composite score (0-100) indicating how well maintained a dependency is:
| Score | Rating | Description |
|---|---|---|
| 80-100 | Excellent | Well-maintained, active development |
| 60-79 | Good | Regular updates, responsive maintainers |
| 40-59 | Fair | Occasional updates, some concerns |
| 20-39 | Poor | Infrequent updates, maintenance concerns |
| 0-19 | Critical | Abandoned or severely neglected |
Calculation Factors
| Factor | Weight | Description |
|---|---|---|
| Update Frequency | 25% | How often the package is updated |
| Issue Response Time | 20% | Time to respond to issues |
| PR Merge Time | 15% | Time to merge pull requests |
| Documentation | 15% | Quality of documentation |
| Test Coverage | 15% | Available test coverage data |
| Community Size | 10% | Contributors and users |
Dependency Health
Health Indicators
| Indicator | Status | Meaning |
|---|---|---|
| 🟢 Healthy | Active | Regular updates, responsive maintainers |
| 🟡 Aging | Stale | No updates in 6-12 months |
| 🟠 Deprecated | Warning | Officially deprecated by maintainer |
| 🔴 Abandoned | Critical | No updates in 12+ months |
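As an added illustration (not code from Safeguard.sh or the ESSCM product), the following Python shows how the weights in the Calculation Factors table combine into a Maintainability Index and rating, and how the Health Indicators thresholds classify a dependency from its last release date. It assumes each factor is already available as a 0-100 score, that deprecation is a separate flag, and that dates arrive as ISO strings; the product's actual normalisation of raw signals is not described on this page.

```python
from datetime import date

# Factor weights from the Calculation Factors table (sum to 100%).
WEIGHTS = {
    "update_frequency": 0.25,
    "issue_response_time": 0.20,
    "pr_merge_time": 0.15,
    "documentation": 0.15,
    "test_coverage": 0.15,
    "community_size": 0.10,
}
# Rating bands from the Maintainability Index table: (lower bound, rating).
RATING_BANDS = [(80, "Excellent"), (60, "Good"), (40, "Fair"), (20, "Poor"), (0, "Critical")]

def maintainability_index(factors: dict) -> float:
    # Assumption: each factor arrives already normalised to a 0-100 score; how the
    # product derives that from raw signals (e.g. issue response days) is not on the page.
    missing = set(WEIGHTS) - set(factors)
    if missing:
        raise ValueError(f"missing factor scores: {sorted(missing)}")
    for name in WEIGHTS:
        if not 0 <= factors[name] <= 100:
            raise ValueError(f"{name} score {factors[name]} outside 0-100")
    return round(sum(WEIGHTS[name] * factors[name] for name in WEIGHTS), 1)

def rating(index: float) -> str:
    # Bands are checked from the top down, so the first lower bound met wins.
    for lower, label in RATING_BANDS:
        if index >= lower:
            return label
    return "Critical"

def health_status(last_release: str, deprecated: bool, today: str) -> str:
    # Thresholds from the Health Indicators table, counted in calendar months.
    # Deprecation is checked first so a package its maintainer has deprecated is flagged
    # even if it still ships releases (assumed precedence; the page does not state one).
    if deprecated:
        return "Deprecated"
    last, now = date.fromisoformat(last_release), date.fromisoformat(today)
    months = (now.year - last.year) * 12 + now.month - last.month
    if months >= 12:
        return "Abandoned"
    if months >= 6:
        return "Aging"
    return "Healthy"

# Constructed sample dependency scores, not real package data.
SAMPLE = {"update_frequency": 90, "issue_response_time": 70, "pr_merge_time": 60,
          "documentation": 80, "test_coverage": 50, "community_size": 40}
```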
Viewing Health Status
- Open project
- Navigate to Code Quality tab
- View dependency health overview
- Click individual dependencies for details
Technical Debt Assessment
Debt Categories
| Category | Description |
|---|---|
| Version Debt | Dependencies behind latest stable |
| Security Debt | Unfixed vulnerabilities |
| Maintenance Debt | Dependencies with poor maintenance |
| License Debt | License compliance issues |
Debt Score
Each project receives a technical debt score:
- Low Debt (0-20) - Well-maintained, current
- Moderate Debt (21-50) - Some updates needed
- High Debt (51-80) - Significant updates required
- Critical Debt (81-100) - Major refactoring needed
Analyzing Dependencies
Dependency Cards
Each dependency shows:
| Field | Description |
|---|---|
| Name & Version | Package identifier |
| Latest Version | Most recent stable release |
| Health Status | Current maintenance status |
| Last Updated | When the package was last released |
| Maintainers | Number of active maintainers |
| Weekly Downloads | Usage popularity |
Deep Analysis
Click a dependency for detailed analysis:
- Version history
- Changelog highlights
- Breaking changes
- Migration guides
- Community metrics
Recommendations
Update Recommendations
Safeguard.sh provides upgrade recommendations:
| Priority | Recommendation |
|---|---|
| Critical | Security update required |
| High | Major version behind, upgrade recommended |
| Medium | Minor version available |
| Low | Patch available |
Breaking Change Detection
Before upgrading, view:
- API changes
- Deprecated functions
- Required code changes
- Migration complexity
Reports
Code Quality Report
Generate comprehensive reports:
- Click Export → Code Quality Report
- Select report scope
- Choose format (PDF, CSV)
- Download report
Report Contents
- Overall quality score
- Dependency health summary
- Technical debt breakdown
- Update recommendations
- Risk assessment
Tracking Over Time
Quality Trends
View how code quality changes:
- Monthly quality score trends
- Debt accumulation/reduction
- Dependency freshness over time
- Maintenance status changes
Setting Goals
Set quality improvement goals:
- Go to Settings → Quality Goals
- Set target metrics
- Track progress in dashboard
- Receive alerts when off-track
Integration with CI/CD
Quality Gates
Include code quality in your pipelines:
```yaml
# GitHub Actions example
- name: Check Code Quality
  run: |
    safeguard quality check --fail-on debt-score:50
```
Quality Metrics in PRs
View quality impact in pull requests:
- New dependencies added
- Dependencies updated
- Quality score change
- Technical debt impact
API Access
```bash
# Get code quality metrics
curl -X GET https://api.safeguard.sh/v1/projects/{id}/code-quality \
  -H "Authorization: Bearer $API_KEY"

# Get dependency health
curl -X GET https://api.safeguard.sh/v1/projects/{id}/dependencies/health \
  -H "Authorization: Bearer $API_KEY"
```
Best Practices
Regular Reviews
- Review code quality monthly
- Address critical health issues promptly
- Plan dependency updates proactively
- Budget time for technical debt
Update Strategy
- Update dependencies regularly
- Test updates in staging first
- Use semantic versioning
- Document breaking changes
Monitoring
- Set up quality alerts
- Track trends over time
- Compare across projects
- Benchmark against industry