A few years ago, my prior startup was acquired by IBM. As part of their due diligence, they flew a team of ~20 people to Cambridge and we camped out in the Charles Hotel for two days of functional reviews. For Engineering, the process included a code review based on multiple tools, each focused on a different area, like security, complexity, or third-party risk. When it was done, IBM had a comprehensive understanding of our code and our team. But this was only because both parties were willing to invest substantial resources to shore up an otherwise manual, cumbersome, and tedious process. 

Why was that the case? 

And what does this mean for day-to-day code evaluation? 

It’s not pretty. Modern engineering organizations are awash in stove-piped evaluation tools that individually provide value, but cost teams dearly as they try to bring signal to the noise. This post will examine these costs in detail and share best practices for managing them. 

‍

Code Evaluation Tool Sprawl

Even a 50-person engineering team can quickly find themselves with a boatload of code evaluation tools. Partly this is because, from static analysis, to security, to third party dependencies, and beyond, there are so many categories. In addition, sufficient code coverage could require multiple tools in a single category. Then, of course, there is simply organizational complexity that results from mergers and acquisitions (M&A) over time, different business units, different geographies, offshoring, and so on, all making their own choices. 

‍

Types of Code Evaluation Tools and Their Costs

Here is a partial list of some of the tool categories with representative software code review platform vendors and average cost. 

Source: Claude

‍

How Tool Fragmentation Impacts Code Evaluation

Just seeing that list is probably a little triggering from a cost perspective. The visible costs of the licenses, infrastructure to run, integration, and configuration is eye-watering. And the list spans centralized approaches and licensing as well as developer end-point approaches and licensing. It can all add up very quickly. 

But the sad truth is that those costs are likely dwarfed by the hidden costs of such a stove-piped, fragmented approach. If you’ve managed it before, you likely feel guilty over the toll it takes on team members you’ve asked to bring signal to the cacophony of noise generated by all of these tools. Doing so requires them to endure: 

• Context switching between tools and reports
• Cognitive load of understanding different outputs
• Time spent correlating findings across tools
• Redundant evaluations and conflicting recommendations
• Difficulty prioritizing issues across different systems
• Gaps in coverage between code quality tools
• Organizational knowledge silos

This is pain-staking, meticulous work that most engineers don’t want to do. Yet everyone knows that it must get done and that mistakes, like overlooking a critical security issue, can be devastating. So the team soldiers on but takes a hit in velocity and morale. Sadly, the pain isn’t over as someone needs to help this make sense to the business. 

‍

The Stakeholder Communication Challenge 

At no small expense, and thanks to the hard work of a team of experienced engineers, you’ve brought signal to the noise and have a pretty well-unified and comprehensive understanding of your code. For that to matter, it now needs to be communicated to the business in terms that the various stakeholders can understand: in particular, non-technical stakeholders. This requires further manipulation, translation, creation of charts and graphs, etc. so that each stakeholder (executives, security, compliance, etc.) gets what they need to further their own objectives. This last mile is critical as it is required to obtain an important result: confidence in the engineering organization and its leadership. It ain’t free though. This will chew up more of your time and likely some other senior staff. 

‍

Practical Steps for Maintaining Code Quality in the Face of Tool Sprawl

Fortunately, there are some proven techniques for managing all of this without breaking budgets or burning out your team. And AI shows enormous potential as LLM’s strength with structured language is perfect for code AND is well suited to the signal-to-noise problem tool sprawl has created. To make the most of your current situation:

• Audit your current code evaluation toolset. No one person has a complete list. You’ll need a survey or some other audit to get a reasonably complete list so you can optimize from there. 
• Calculate the cost of fragmentation in your organization. Pick a few recurring evaluations, like for an audit or compliance mandate. Ask the team how much time they spend massaging the tool output into what they pass on to you. 
• Identify tool consolidation opportunities. Even in a medium-sized organization, there will be some. Especially when you factor in changes in licensing, pricing, and capability.
• Get buy-in from your team for a more unified approach. With a little communication and cajoling, and by simplifying the tooling or the process, command ground will emerge. 
• Measure success beyond tool adoption. Adoption is no small feat. And sometimes it’s true that you just need to generate the data, to check the box. But it’s even better if the tool is fostering improvement within the engineering organization or helping the organization more broadly progress its objectives. 

‍

AI’s Role in Improving Code Evaluation Tools

Fortunately, making the most of the situation is no longer limited to basic management best practices. AI, and specifically LLMs, are poised to dramatically improve code evaluation. After all, LLMs work best with structured languages, and code is highly structured. As we’ve built Flux, we’ve learned that a composite approach, one that blends LLMs with static analysis and other code evaluation techniques, works best. LLMs can’t replace traditional code quality tools today. We tried that: it was pretty awful. But they are great at summarizing output from traditional tools. Per the above, that’s a lot of the work team members are doing today. For example, identifying that three tools are effectively indicating the same thing 48 times. Prompt engineering and other tricks can glean additional insight beyond what existing approaches can achieve. Best of all, it requires no effort from the team. Just connect Flux and let us do our thing. A short while later, you have the rough equivalent of what your team might take weeks to do. Maybe better. 

‍

Re-Booting Code Evaluation For Better Results, Faster, At Lower Cost

Between tool-related costs - like software license expense, infrastructure, and configuration - and all of the people costs to bring signal to the deafening noise, today’s approach to code evaluation is manual, slow, and incredibly expensive. And on top of that, engineers don’t really want to do it, and the organization would be better off with them coding. Fortunately, AI is perfect for code and offers a paradigm shift for how organizations can tackle this work. By adopting an AI-driven approach, Engineering leaders have a rare opportunity to achieve better results, faster, and at lower cost than today’s approaches. Better still, your team will thank you for it as they can leave the drudgery behind and get back to building. 

‍

Fragmented tools slow your team down — Flux speeds you up

With AI-powered insights, streamlined reporting, and unified evaluation, Flux helps you cut through the noise and focus on what matters: building great software.

👉 Check out Flux and see how we can transform your engineering operations today.