Posted by Ryan OMeara on March 12, 2018
Developing an open source project can seem daunting at times. Finding time to dedicate to a project can be difficult, and when it finds success, reported issues and proposed changes to review can seem endless. Selecting open source libraries to use is no easier — you must make a choice between multiple options, and short of reviewing the library’s entire codebase, how can you make such a selection (and know you made the right one)? The open source community has answers to these problems by automating many common-sense checks into contributing and providing ways to show summaries of those results to prospective users.
There’s a lot to do to get things right as a developer — you need to test and review changes continuously. Finding even simple quality issues becomes a challenge as your project grows. Many solutions attempt to automate reviewing the quality of projects, and one of the best places to provide feedback is when a pull request is opened. A project maintainer has the opportunity to see the changes that have been proposed, consider how they will affect the overall quality of the project, and provide immediate feedback about that impact. Issues as simple as a failure to compile and as complex as a newly introduced security vulnerability can be identified and corrected before changes are ever accepted into the code base.
Those looking to select a library can also benefit from the same automated solutions. Aside from providing feedback when changes are proposed, most solutions also have results for the existing code base of a library. Often these results are summarized in a simple metric that you, as a project owner, can place within your documentation for easy viewing by potential users. Information such as the current state of continuous integration builds, code coverage, and security can give a sense of the library’s quality in a way users can easily understand and refer to when choosing from the variety of options available.
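As an added illustration of what the two paragraphs above describe (this is example configuration written for this post, not something the author or any particular project ships), here is a GitHub Actions workflow that runs compile, test-with-coverage and dependency-audit checks on every pull request. It assumes a Python project with a requirements.txt and a pytest suite, and uses the pip-audit tool for the dependency check; the project layout, the 80% coverage threshold and the workflow name are assumptions for the example.

```yaml
# Added example (not from the original post): a GitHub Actions workflow that
# runs the "common-sense checks" the post describes on every pull request.
# Assumptions: a Python project with requirements.txt and a pytest test suite;
# pip-audit checks the declared dependencies against known advisories.
# Save as .github/workflows/pull-request-checks.yml (path is an assumption).
name: pull-request-checks

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]   # also run on merges so the status badge reflects main

permissions:
  contents: read       # least privilege: these checks only need to read the repo

jobs:
  build-test-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      # "Failure to compile": byte-compile every module so syntax errors fail fast
      - name: Compile check
        run: python -m compileall -q .

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install pytest pytest-cov pip-audit

      # Code coverage: the check fails if coverage drops below the threshold
      - name: Test with coverage
        run: pytest --cov=. --cov-fail-under=80

      # Security: a dependency with a known advisory blocks the merge
      - name: Dependency audit
        run: pip-audit -r requirements.txt
```

Because the workflow also runs on pushes to main, its status can be surfaced in the README the way the post suggests, with a badge of the form `![checks](https://github.com/OWNER/REPO/actions/workflows/pull-request-checks.yml/badge.svg)` (OWNER and REPO are placeholders). A prospective user then sees at a glance whether the main branch currently compiles, passes its tests at the required coverage, and has no known-vulnerable dependencies, without reading the code base.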
Using solutions integrated into development is of great benefit to everyone who builds, maintains, or uses open source software. These tools put in-depth information at a developer’s disposal — where decisions are made. Potential users can look at the current state of the project based on these same metrics, making a project stand out among its peers. With so many free options available for using, evaluating and contributing to open source projects and components, improving the quality of the projects in the community has become a lot easier than it once was.