Contents

Tools that can speed up your programming work

Michał Matłoka

23 Feb 2023.6 minutes read

Tools that can speed up your programming work webp image

Every day programmers' work can be exciting and challenging. However, some tasks can be tedious and monotonous. Let’s take a look at tools that may help you in your everyday work and make your programmer’s life easier!

Sonar - static code analysis

Code reviews are part of every programmer’s day. When you go through hundreds of lines of code daily it is possible to omit some mistakes. In other cases, when working with starting junior devs you may need to create a lot of comments.

Static code analysis tools can help with that. They are not new inventions on the market. By leveraging a predefined set of rules they may automatically check pull requests and mark places that should be corrected, additionally informing why. Such tools can be used locally, pre-commit, or on the CI during the review stage.

What are the possible choices? One of the most known is Sonar.

Currently, it is available in 3 options:

If you’d like to learn how to use Sonar in your project, take a look at our other publication.

Dependabot, Renovate, Scala Steward - keep your dependencies up to date

One of the types of technical debt is related to outdated project dependencies. At first, you may be missing only bug fixes & security fixes, but as time grows suddenly it appears that you’ve missed 2 major releases and your version is no longer maintained. Unfortunately, those types of issues accumulate. Libraries depend on each other. You may reach the moment when it appears that you have to migrate all major frameworks&libraries used in your service at once. This makes the operation longer and riskier. The much better option is to go slowly step by step. But who has time to constantly check if new versions appear? Probably nobody.

Fortunately, there are tools that can help you with that. The most basic ones are just plugins to your build system or IDE, which shows which libraries have new updates, separately mentioning minor and major releases. The more advanced ones automatically create pull requests (PRs) with updates for you. Such PR can even have the changelog automatically fetched from the project release notes. CI fetches such PR and automatically says if it works in the context of the unit, integration, and end-to-end tests you have in your project.

Among examples of such tools you can find:

Before choosing one, check what programming languages & build systems they support.

There is one more thing which can help you. When you start using those types of tools you may get flooded with many Pull Requests. You have a few numbers of ways to deal with that:
The most simple one - is to have weekly duties, during which different team members handle them. A single person gets tired and bored very quickly.
Configure proper check intervals, e.g. limit the PRs to be prepared only once a week.

Start using tools, which automatically merge some of the PRs under a set of conditions. For example, updates of hotfix and minor versions, which pass all the tests can be automatically merged and deployed to the development environment. Tools that could help you with that are Mergify and GitHub auto-merge. Renovate has such features built in.

Trivy & Snyk & OWASP Dependency-Check - security issues scanners

Security is a very important matter. Mistakes in that space may cause the whole company to fall. There are multiple areas in which security practices are applied - from workplace security, via infrastructure and procedures to the code itself.

Trivy is a very interesting tool that can be used to scan not only Docker images, but project repositories, VM images, and others. It allows detecting issues in OS packages (e.g. in container images), but also in libraries used with selected build systems. Additionally, it can show misconfigurations & some bad practices.

Another tool is snyk. It detects code and dependencies vulnerabilities (also with Scala Sbt) and allows to scan containers & Infrastructure as a Code. It can be integrated both with IDE and CI pipeline.

OWASP (Open Web Application Security Project) foundation provides yet another Dependency-Check tool. It allows you to detect disclosed vulnerabilities in your project dependencies. It offers plugins for e.g. Maven, Gradle, SBT, but also Jenkins and SonarQube!

In the security space, it would be worth having checks setup on CI for new PRs, but also periodical checks should be done, just in case any new vulnerabilities are found.

GitHub Copilot - your AI partner

Will AI take our jobs in the future? Maybe, but for now, it can just help with the work.

GitHub Copilot leverages OpenAI to suggest entire functions in real-time when writing the code. It can be used as a plugin with the most important IDEs and helps most in repetitive tasks. Take a look at the video below, to be impressed with what it actually can do.

Copilot is free for popular open source projects. Otherwise, it costs 100 USD per year for individuals. Unfortunately, there are some controversies about it. Open source developers indicate that Copilot learned from the open source code. However, the whole service is paid and does not include info about licences&authors of the code it learned from.

ChatGPT - the new chapter

I suspect that no one in IT has not encountered ChatGPT-related content during the last weeks. What it can do is impressive. Do you want to compose a song about SoftwareMill? No problem.

chatgpt

Do you want to generate CRUD using Scala, Sttp, and Doobie based on a specific domain model? Also done. Quite scary. How can it be used by programmers? As an assistant. It can be an alternative to Google & Stack Overflow.

It can help build very rough Proof of Concepts, or be a base for the handwritten code. However, I won’t be surprised if during the next years we will see simple apps, earning money, based totally on ChatGPT-generated content.

No-code&low-code - do things without writing code

No-code&low-code have been trending during the last few years. There are things that can be done without or with a minimal amount of code. Usually, they are used for rapid development, to do internal tools, or to bring ideas quickly to market for evaluation. The results may not be highly scalable and ready to serve millions of users, but it depends. They probably won't be the cheapest in the long run, but in some cases, it's worth a try.

What are the examples? Zapier can be used for simple automation. If you want to post your programmer blog post on Facebook and automatically share them later to Twitter - Zapier can do that. It integrates with a lot of services related to e-mail, social media, and various cloud tools. You can define flows where e-emails are automatically sent as a result of some customer action. Similarly, you can automatically inject entries into your sales system when you receive customers’ emails. The only limit is your imagination. Maybe you need a simple website and mobile application? No problem, you can use e.g. Wix. For more interesting ones, take a look at the following Tweet.

Conclusions

Programmers are still needed! However, knowledge about various tools and products can help them become even more productive. Some simple things can be done now without writing code, but it's usually a matter of tradeoffs. It is needed to compare how much it would be needed to develop something manually vs what are the long-term service costs, privacy, security terms, and others. As usual in software engineering work, what you should use is not a simple question. The answer is as usual: it depends!

Reviewed by: Łukasz Lenart

Blog Comments powered by Disqus.