Semmle has the unique ability to interpret the change history contained within your software repositories. This allows you to learn more about the behavior of your development teams and improve as an organization.
Here are some of the insights Semmle has helped customers gain.
Contract developer cost vs. performance
To help optimize IT spending, a company used Semmle to analyze contractor performance versus cost. The Semmle visualization to the right shows that contractors from certain regions performed better quality work for the money. This insight helped the customer change their contractor mix to get more value out of the investment.
Benchmarking project quality
This plot shows how the code quality of the customer’s project (red dot) compares to projects of various sizes from within the customer’s industry (gold) and open source (blue). The vertical axis shows the total number of code quality issues, and the horizontal axis depicts the number of lines of code. The customer’s code base shows a higher proportion of violations per lines of code than average, which has the potential to raise costs, slow delivery, or lessen the user experience. This customer ended up reorganizing the team to improve quality.
The GitHub effect
GitHub facilitates thorough code reviews, which results in the elimination of errors, bugs, and maintainability issues from the code. The Semmle visualization on the right made the GitHub effect very clear to this customer: net new alerts dropped and then leveled off following their switch to GitHub.
Measuring process compliance - test driven development
A global head of software development asked whether Semmle could show if test-driven development (TDD) was being practiced by all projects in their portfolio. Studies have shown TDD can reduce software errors by 50%, so the customer had made it standard practice and invested in training and enablement across the software organization. With TDD, you would expect the number of test methods to rise with the amount of new code created. Semmle shows that all but two portfolio projects appeared to be adopting TDD.
Integrating performance data to prioritize code fixes
A software company used Semmle QL to find all instances in their code of string concatenation within a loop, which can slow performance. Semmle found 121 instances. Rather than re-code all instances, they integrated performance profiling data into their Semmle knowledge base and re-ran the search to output the performance cost of each instance. The table shows that only one instance was costly; the rest were livable. This study helped them understand the scope and impact of a coding decision and take appropriate corrective measures.