Quality and Market Readiness Assessment at OW2


OW2 is dedicated to improving the quality and the market readiness of the OW2 code base. Having good quality code and a good reputation for code is essential for the success and growth of OW2. It is also essential for the growth of the downloads and the dissemination of the OW2 code. These efforts primarily target the mature projects.

OSCAR – Open-source Software Capability Assessment Radar – is the platform supporting and enabling OW2's quality and market readiness program. It started as SQuAT – Software Quality Assurance and Trustworthiness. OSCAR's structure is aligned with what we call the OW2 Process, which comprises four sections: Technology, Governance, Quality and Delivery. Each section is instrumented by one or several tools, as illustrated by the figure below.

[Figure: OSCAR sections and tools]

OW2 endeavors to integrate tools to help projects produce reports on the quality of the code, and on the quality of the IP. OW2 has incorporated into its governance process a requirement that, for a project to be moved from incubation to mature, the project must produce a report on the quality of its code and on its IP compliance. The final decision is left to the Technology Council; however, OW2 is not a certification office.

Quality assessment tools

Open-source Maturity Model

The Open-source Maturity Model (OMM) is a maturity model and assessment methodology from the QualiPSo project. The OW2 OMM assessment template to be filled in by OW2 projects is available at OMM and is under constant evolution under the leadership of the OW2 Technology Council.

SonarQube - Static code analysis

SonarQube is a static analysis solution covering a wide variety of languages including Java, Python, Erlang and C++. It implements the SQALE methodology to evaluate the technical debt of a project. Browse the OW2 SonarQube instance.

ScanCode Toolkit

ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code. ScanCode is a new tool recently deployed as a replacement for FOSSology. As a consequence, do not be surprised to see FOSSology reports still published on project dashboards.

FOSSology is an open-source license compliance software system and toolkit. It allows you to run license, copyright, and export control scans from the command line or from a Web user interface. FOSSology implements the SPDX standard – Software Package Data Exchange. The results of FOSSology applied to the OW2 projects are available from the project dashboards. Browse the OW2 FOSSology instance.

STAMP Descartes mutation testing

Descartes uses "extreme mutation testing" to detect pseudo-tested code: basically, it empties methods (removing the code!) and runs the JUnit test suite. When the tests still pass, the code is considered "pseudo-tested" (there IS a test, but it does not detect that the code has vanished!).

OW2 recommends three ways of running Descartes:

- As a standalone analysis tool (no configuration: Maven command line, or minimalistic plugin configuration when customization is needed).

- In connection with the project's GitLab, when hosted on OW2 GitLab (or any GitLab instance): OW2 has developed a Descartes extension to generate issues when pseudo-tests are detected. Some configuration in the pom.xml and the GitLab project is required.

- Like a code coverage tool that can break the build when the mutation score is too low (in the same way as code coverage tools do when coverage is too low). Some configuration in the pom.xml is required.
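
The pseudo-tested case and the mutation score described above, as an added example that is not OW2 or Descartes code: Descartes itself works on Java methods and JUnit suites, while this Python sketch reproduces the idea in miniature. `UploadPolicy`, the test functions and `extreme_mutation` are hypothetical names constructed for illustration, and the score is computed here as the share of emptied methods that the suite catches.

```python
# Constructed example: a miniature "extreme mutation" run (hypothetical names).

class UploadPolicy:
    MAX_BYTES = 1024

    def validate(self, name, size):
        # "void" method: its only observable effect is raising on bad input
        if size > self.MAX_BYTES or ".." in name:
            raise ValueError("rejected upload")

    def normalize(self, name):
        return name.strip().lower()

def test_validate_accepts_good_upload():
    UploadPolicy().validate("report.pdf", 10)  # happy path only, nothing asserted

def test_normalize():
    assert UploadPolicy().normalize(" A.TXT ") == "a.txt"

def test_validate_rejects_traversal():
    try:
        UploadPolicy().validate("../etc/passwd", 10)
    except ValueError:
        return
    raise AssertionError("traversal name was accepted")

WEAK_SUITE = [test_validate_accepts_good_upload, test_normalize]
STRONG_SUITE = WEAK_SUITE + [test_validate_rejects_traversal]

def suite_passes(tests):
    """Return True only when every test runs without raising."""
    for test in tests:
        try:
            test()
        except Exception:
            return False
    return True

def extreme_mutation(cls, tests):
    """Empty each method of cls in turn; return (pseudo_tested, mutation_score)."""
    if not suite_passes(tests):
        raise RuntimeError("suite must pass on the unmodified code first")
    methods = [n for n, v in vars(cls).items()
               if callable(v) and not n.startswith("__")]
    pseudo_tested = []
    for name in methods:
        original = vars(cls)[name]
        setattr(cls, name, lambda self, *args, **kwargs: None)  # body removed
        try:
            if suite_passes(tests):       # no test noticed the code vanished
                pseudo_tested.append(name)
        finally:
            setattr(cls, name, original)  # always restore the real method
    return pseudo_tested, 1 - len(pseudo_tested) / len(methods)
```

With `WEAK_SUITE` the emptied `validate` goes unnoticed even though a test calls it; adding the rejection test in `STRONG_SUITE` removes it from the pseudo-tested list.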

Risk models

OW2 has defined a set of risk models used to compute the projects' market readiness. Each model consists of normalization intervals, a license risk function, a quality risk function and an activeness risk function. These models were created within the framework of the RISCOSS EU project. Click here to browse these models.