Peter McKee, Head of Developer Relations at Sonar – Interview Series

Peter McKee is the Head of Developer Relations at Sonar, a platform that solves the trillion-dollar challenge of bad code. Sonar equips developers and organizations to systematically achieve a state of Clean Code so that all code is fit for development and production. By applying Sonar’s Clean as You Code methodology, organizations minimize risk, reduce technical debt, and derive more value from their software in a predictable and sustainable way.

What initially attracted you to computer science?

I was always interested in computers from a young age. Even when I was initially pursuing another career path, I was continuously drawn back to computers and programming. At one point, my dad was running a steel company in Virginia and they had lost their consultant group. Since I had learned to program when I was younger, he invited me to work and build systems for him. I didn’t know, truthfully, what I was doing 100% at first, but I learned from books and doing the work on the job, and became completely self-taught. That continued to drive my interest in coding and computers and really cemented my interest in computer science.

Could you clarify how you would define what is Clean Code and why it is so important?

It’s been said for years now that software will eat the world, and I’d say we’re at the point now where it’s official – the world is built on software and every company is effectively a software company. At the foundation of good software is quality code, as code is at the core of all software and dictates its behavior and performance. This is why Clean Code — code that is consistent, intentional, adaptable, and responsible — is so important. Code that is clean is easy to understand and change, operates smoothly at runtime and contains no technical debt, therefore, making it fit for purpose. Clean Code is the standard that organizations should embrace to ensure that their software continues to be an asset — not a liability — and is the key driver for today’s business success.

Clean Code benefits teams and organizations of all sizes and maturity levels, and increases the value of software as a result. A few specific benefits are that it:

• Boosts development skills — Developers can detect, understand, and resolve issues as they code while also learning best practices
• Increases efficiency and productivity — Reducing continuous rework and long feedback cycles, resulting in greater productivity
• Reduces reputational and business risk — Clean Code ensures fewer security risks by enabling teams to proactively address issues before they reach production
• Lowers code-level technical debt — Clean Code gradually addresses the debt of the codebase without the need for a massive application overhaul and disruption
• Increases software development velocity — Clean Code standards and streamlined flows improve DevOps velocity, promoting faster time-to-market

Can you discuss the importance of consistency and structure in code, and what are some examples of consistent and Clean Code?

Consistent code quality is something every manager or technical director aims to maintain. Consistency is crucial when it comes to code quality because consistency leads to predictability. It’s written in a uniform and conventional way — all the code looks similar and follows a regular pattern, even with multiple contributors at different times. Consistent code is formatted, conventional, and identifiable. When consistent coding standards are adopted, developers become more efficient and are able to meet their delivery expectations with speed and precision.

Can you discuss the importance of code that can handle unexpected conditions, and why this should not be overlooked?

Developers are always trying to anticipate and prepare for unexpected occurrences during the design and development process, but this cannot be prevented in every instance. Unexpected states can arise due to unintentional misuse or intentionally triggered attacks. These unexpected states can inadvertently introduce security vulnerabilities that attackers can exploit. This is why developers should strive to always improve the quality and stability of their code and test for unexpected conditions. By following a Clean as You Code approach, teams can better accelerate new features, avoid unnecessary rework costs, and foster talent growth and retention. Clean Code promotes security, maintainability, and reliability, and can enable developers to anticipate and handle unexpected states more effectively and get the software back up and running quicker.

Can you discuss the benefits of using Generative AI for code generation?

Incorporating AI into the software development life cycle has its benefits, such as enabling developers to work more efficiently. In fact, GitHub research found that developers can complete tasks more than 50% faster using AI. GenAI can also generate code more quickly, and in turn take the burden of more tedious, routine tasks — like documentation or generating code snippets — off their plate, so they’re able to better concentrate on higher-value, rewarding work to solve more complex problems. No matter how code is created though, it is critical that it be checked against Clean Code standards to ensure the code is secure, reliable, and maintainable.

What are some of the potential pitfalls and risks of generated code?

 While AI can free up developers’ time to work on higher-value projects and boost productivity, it doesn’t come without risks. This is why the demand for developers won’t go away in the age of AI. Because GenAI tools can generate a lot of code quickly, there is a potential for errors. Here are a few specific pitfalls:

• Accountability: AI-generated code reduces the ability to hold people accountable for code created, which can make solving/addressing problems harder.
• Vulnerabilities: Because it’s taking largely crowdsourced information, there’s no guarantee that the produced code is safe or clean. There may even be bugs or security issues that can put business at risk.
• Quality: AI doesn’t double-check for quality, and just because it’s generated from AI doesn’t mean it’s efficient or high-quality.
• No context: Losing the human element naturally means that you lose the context of a problem or project. The AI-generated code must be reviewed to ensure it’s getting the job done in full.

When developers take a Clean as You Code approach with their code – human or AI-generated – they can ensure that it is fit for development and production and meets the required standards of their organization.

What are some other variables that should be considered in fit for production code?

 Developers who write code that adheres to Clean Code principles can be confident that their code is fit for development and production, which means the code follows certain characteristics:

• Consistent: The code should be consistent and follow a common style. Even if the code is worked on by several different developers over time, it should have a similar appearance and adhere to previously established patterns.
• Intentional: Intentional code should read like it was written with attention and care to convey its purpose; it should only have one available interpretation.
• Adaptable: Adaptable code is segmented and organized in a way that makes it easier to manage and see the relationships between each line of code. This makes the code structured for easy and confident evolution.
• Responsible: The code, and its developers, should be mindful of its ethical obligations concerning data and its potential influence on societal norms. The code should ultimately not present an ongoing risk of unintentionally harming third parties.

Can you discuss some of the various offerings by Sonar, and how it helps coders to build responsible, secure, high-quality code quickly and systematically?

 Through our industry-leading analyzers, Sonar identifies coding issues in a comprehensive manner and recommends fixes with short feedback loops while educating the developer in context, ultimately enabling organizations to build responsible, secure, high-quality code quickly and systematically. The core elements of the Sonar solution are SonarLint, SonarQube (self-managed; open source), and SonarCloud (SaaS), with extensive coverage that supports over 30 programming languages, frameworks, and infrastructures, 11 IDEs, and more than 5,000 coding and language-specific rules.

SonarLint, an IDE extension, provides the first line of checks to find issues in real time from the moment code is written. It catches a large portion of issues up-front and helps developers discover and fix errors like a spell-check for code. SonarQube and SonarCloud, the Sonar static analysis code review tools, continuously inspect and analyze the codebase, with SonarLint integration. Using quality gates to determine if code meets the defined standards of quality, security, and reliability for production, SonarQube and SonarCloud inspect code for bugs, vulnerabilities, security hotspots, and code smells.

Pairing our solution set with our Clean as You Code methodology  — an approach that follows set standards to keeping new, added, or edited code clean — developers and organizations are enabled to deliver Clean Code and remediate existing code organically, so they can focus on new, innovative projects that drive business value

How does Sonar assist with ensuring that the code is compliant and meets industry standards?

Sonar helps developers gain access to immediate and contextualized feedback, highlighting issues where they are in the codebase, within the development workflow based on years of language analyzer experience. Developers gain access to clear explanations for why an issue occurs and how to quickly remediate it, as well as additional resources for more in-depth learning. We have education built through the entire workflow, from the IDE to the CI/CD. For example, Sonar has specific MISRA C++ 2023 rules available in SonarLint to help teams create code that is best prepared for eventual certification. It offers coding guidance, explaining the why behind a flagged issue, and how to fix it, to ensure that the code being written is MISRA-compliant.

What is your vision for how AI will transform coding in the future?

 I think AI will continue to deliver great value in addressing developer burnout. While I don’t think AI will ever be able to off-load developers’ thinking and the human touch, I do think that even a few months from now we’ll see an entirely new set of GPTs — never mind what a few years from now will look like. I don’t believe technologists or developers will go away, but the nature by which they do their work every day will certainly change. The way developers use AI will be as simple and commonplace as Google searching for something as a shortcut. There’s much to be explored about the usage of AI, but we must still consider the human element at the forefront to check AI’s drawbacks. There is transformative potential for software development, but we must not let it run without any checks — especially when digital businesses today are dependent on the software that underpins it.

Thank you for the great interview, readers who wish to learn more should visit Sonar.