Risk Analysis

CodeScene analyses the risk of each commit. This lets us present both a risk trend and also an early warning as soon as a high risk commit is detected.

You use this information to react early and focusing code reviews and testing. You also use the overall risk trend as input and feedback on planned delivery activities.

How Does CodeScene Know That a Commit is High Risk?

CodeScene calculates a unique risk profile for your codebase. The risk profile is based on how the system has evolved and what a typical change looks like. That is, CodeScene looks more at how a commit looks than the changed code itself.

CodeScene’s risk profile is a combination of technical and social metrics. The technical metrics relate to the amount of code that is changed, how many different files that are changed, and the diffusion of the changes (e.g. how many different sub-systems does the commit touch).

The social dimension of the risk profile relates to the experience of the programmer doing the change. The more experienced the programmer, the lower the risk. This means that two commits with identical changes may be classified differently depending on the programmer who made the change; Experience mediates risk. For example, if I make a large sweeping change to the Linux kernel, my change probably has higher risk than an identical change made by Linus Torvalds. Please note that experience is relative to your codebase and measured as how much each programmer has contributed to your code historically.

The risk classification that you’ll see in CodeScene always combines these technical and social dimensions.

What’s the Scale of Commit Risks?

CodeScene scores each commit on the range 1 to 10. 1 is a low risk change and 10 is the highest risk. By default, CodeScene flags all commits with a risk of 7 (or higher) as high risk. You can change this threshold in the project configuration.

Inspect your Risk Profile

CodeScene delivers an early warning as soon as a high risk commit is detected as illustrated in Fig. 143.

An early warning on the dashboard

Fig. 143 An Early Warning for recent high risk commits.

Click on the early warning shown in Fig. 143 to view the commit details as illustrated in Fig. 144.

Details on high risk commits

Fig. 144 Inspect the details of each recent high risk commit.

CodeScene also calculates a rolling average of your risk profile. This analysis lets you reason about risk trends in your project and relate that trend to both your ongoing work as well as predict delivery risk.

A risk trend of your codebase.

Fig. 145 The risk trend shows the average risk in the evolution of your codebase.

The example in Fig. 145 shows a project where there’s a significant increase in the average risk during development. When you see a trend like this it’s important to understand why. Perhaps several large features are being implemented? Or perhaps there’s a change in the ways of working or development methodology? In any case, it would probably be a mistake to plan a release in July for this particular project since there has been a lot of recent high risk work that deviates from how the codebase grew before that date.

Risks Are Relative To The Analysis Period

It’s important to note that your risk profile is always relative to your particular analysis period. That is, you get a different risk profile if you analyze the complete history of your code versus a short retrospective analysis. This is by design and most likely to be the information you want.

However, you need to be aware that if you run a Retrospective analysis, you may see more high risk commits. That just means those commits stand-out compared to the rest of the work you did in that sprint/iteration; It doesn’t necessarily mean that those commits would be high risk relative to the complete evolution of your system. To find out, you need to run a full analysis.