I'm genuinely struggling with how many code quality tools we should be running in our development stack. Currently, we have seven tools in play: SonarQube for quality gates, ESLint for linting, Prettier for formatting, Semgrep for security analysis, Dependabot for dependency updates, Snyk for vulnerability scanning, and various GitHub checks that often feel redundant. While all these tools seem to indicate mature engineering practices, it's becoming overwhelming. We're seeing the same pull requests flagged by multiple tools, leading to confusion and slow reviews. Often, we find ourselves fixing issues with the tools rather than the actual code. I understand the purpose of each tool, but I'm starting to wonder if they're more of a hindrance to our velocity than a help. Are there any tools out there that can cover all these functions without the noise?
5 Answers
We actually run about 20 tools, but they only run at specific times instead of every commit. It’s management that’s been tricky for us, but it doesn’t slow down our velocity too much since we have them integrated into our IDEs and Git hooks.
Seven tools? That sounds excessive! I’d recommend sticking with one primary source for quality checks, like SonarQube or Semgrep. Removing duplicates will cut down the noise and enhance actual quality output.
Instead of adding more tools, why not analyze your current ones? If they’re all giving you similar feedback, consider which ones can be removed. You know your data best—what overlaps have you noticed?
If you already have Dependabot, why not switch to GitHub Advanced Security instead of continuing with Snyk? It might streamline things for you.
The number of tools isn’t a problem as long as they each serve a clear purpose. Focus on two main goals: preventing critical issues and ensuring consistent code style. If any tools don’t contribute to these, think about adjusting their settings or removing them. Personally, I run some checks as pre-commit hooks to speed things up, which might help your team as well.
I agree! Efficient tools definitely improve the process.
That makes sense! Fast tools like ruff can really help keep the feedback loop tight.