TECHNICAL DEBT ASSESSMENT IN OPEN SOURCE APPLICATIONS USING STATIC CODE ANALYSIS

Yıl 2025, Cilt: 9 Sayı: 1, 25 - 40, 30.06.2025

Rafet Gözbaşı , Kökten Ulaş Birant

https://doi.org/10.62301/usmtd.1696804

Öz

The management of technical debt is critical to the sustainability of software quality throughout the evolution of software systems. This study investigates how technical debt levels change across multiple versions of four widely used open source software projects, nopCommerce, OrchardCore, RavenDB, and ShareX. Versions 30, 28, 20, and 15 of these projects, respectively, were systematically analyzed using the NDepend static analysis tool to measure technical debt levels. The results reveal that technical debt tends to accumulate, decrease, and stabilize. While nopCommerce exhibits significant increases in technical debt after major version migrations, OrchardCore maintains low levels, demonstrating the effectiveness of modular architecture in debt management. RavenDB exhibits a limited but increasing debt profile, while ShareX tends to reduce its debt level over time. These findings highlight the importance of continuously monitoring and proactively managing technical debt, especially during major structural changes. The study presents empirical findings on the evolution of technical debt in open source projects and demonstrates the value of static analysis tools such as NDepend to software quality management.

Anahtar Kelimeler

Static code analysis , Open source applications , Static analysis tools , Technical debt

Teşekkür

This study is derived from the master's thesis of Rafet GÖZBAŞI, a student of Dokuz Eylül University.

AÇIK KAYNAK KODLU UYGULAMALARDA STATİK KOD ANALİZİ İLE TEKNİK BORÇ DEĞERLENDİRMESİ

Öz

Teknik borcun yönetimi, yazılım sistemlerinin evrimi boyunca yazılım kalitesinin sürdürülebilirliği açısından kritik bir öneme sahiptir. Bu çalışma, yaygın olarak kullanılan dört açık kaynak yazılım projesi olan nopCommerce, OrchardCore, RavenDB ve ShareX’in çoklu sürümleri boyunca teknik borç seviyelerinin nasıl değiştiğini araştırmaktadır. NDepend statik analiz aracı kullanılarak bu projelerin sırasıyla 30, 28, 20 ve 15 sürümü sistematik olarak analiz edilmiş ve teknik borç seviyeleri ölçülmüştür. Elde edilen sonuçlar, teknik borcun birikim, azalma ve stabilite eğilimleri gösterdiğini ortaya koymuştur. nopCommerce, büyük sürüm geçişleri sonrası teknik borçta belirgin artışlar sergilerken, OrchardCore düşük seviyeleri koruyarak modüler mimarinin borç yönetimindeki etkinliğini göstermiştir. RavenDB, sınırlı ancak artış eğilimli bir borç profili sergilerken, ShareX zamanla borç seviyesini azaltma eğiliminde olmuştur. Bu bulgular, özellikle büyük yapısal değişiklikler sırasında teknik borcun sürekli izlenmesi ve proaktif olarak yönetilmesinin önemine dikkat çekmektedir. Çalışma, açık kaynak projelerde teknik borcun evrimine ilişkin ampirik bulgular sunmakta ve NDepend gibi statik analiz araçlarının yazılım kalitesi yönetimine sağladığı değeri ortaya koymaktadır.

Anahtar Kelimeler

Statik kod analizi , Açık kaynak kodlu uygulamalar , Statik analiz araçları , Teknik borç

Teşekkür

Bu çalışma Dokuz Eylül Üniversitesi öğrencisi Rafet GÖZBAŞI'nın yüksek lisans tezinden üretilmiştir.

Kaynakça

• A. Capiluppi, J.F. Ramil, Studying the evolution of open source systems at different levels of granularity: Two case studies, in: Proceedings of the 7th International Workshop on Principles of Software Evolution, IEEE, 2004, pp. 113–118.
• W. Scacchi, Free/open source software development, in: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, 2007, pp. 459–468.
• K.J. Stol, B. Fitzgerald, Inner source—adopting open source development practices in organizations: a tutorial, IEEE Softw. 32 (4) (2014) 60–67.
• M. Beller, R. Bholanath, S. McIntosh, A. Zaidman, Analyzing the state of static analysis: a large-scale evaluation in open source software, in: Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER), 2016, pp. 470–481.
• N. Ayewah, W. Pugh, J.D. Morgenthaler, J. Penix, Y. Zhou, Using findbugs on production software, in: Companion to the 22nd ACM SIGPLAN Conference on Object-Oriented Programming Systems and Applications, 2007, pp. 805–806.
• B.S. Basutakara, P.N. Jeyanthi, A review of static code analysis methods for detecting security flaws, J. Univ. Shanghai Sci. Technol. 23 (6) (2021) 647–653.
• E. Sultanow, A. Ullrich, S. Konopik, G. Vladova, Machine learning based static code analysis for software quality assurance, in: Proceedings of the 13th International Conference on Digital Information Management (ICDIM), 2018, pp. 156–161.
• J. Yeboah, S. Popoola, Uncovering user concerns and preferences in static analysis tools: a topic modeling approach, in: Proceedings of the 2nd International Conference on Artificial Intelligence, Blockchain, and Internet of Things (AIBThings), 2024, pp. 1–6.
• V. Lenarduzzi, F. Pecorelli, N. Saarimaki, S. Lujan, F. Palomba, A critical comparison on six static analysis tools: detection, agreement, and precision, J. Syst. Softw. 198 (2023) 111575.
• M. Nachtigall, L. Nguyen Quang Do, E. Bodden, Explaining static analysis—a perspective, in: Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW), 2019, pp. 29–32.
• P.C. Avgeriou, D. Taibi, A. Ampatzoglou, F.A. Fontana, T. Besker, A. Chatzigeorgiou, et al., An overview and comparison of technical debt measurement tools, IEEE Softw. 38 (3) (2020) 61–71.
• N.A. Ernst, S. Bellomo, I. Ozkaya, R.L. Nord, What to fix? Distinguishing between design and non-design rules in automated tools, in: Proceedings of the IEEE International Conference on Software Architecture (ICSA), IEEE, 2017, pp. 165–168.
• T. Coulin, M. Detante, W. Mouchère, F. Petrillo, Software architecture metrics: a literature review, arXiv preprint arXiv:1901.09050 (2019).
• M.K. Debbarma, S. Debbarma, N. Debbarma, K. Chakma, A. Jamatia, A review and analysis of software complexity metrics in structural testing, Int. J. Comput. Commun. Eng. 2 (2013) 129–133.
• J. Ludwig, S. Xu, F. Webber, Compiling static software metrics for reliability and maintainability from GitHub repositories, in: Proceedings of the IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2017, pp. 5–9.
• E.Y. Hernandez-Gonzalez, A.J. Sanchez-Garcia, M.K. Cortes-Verdin, J.C. Perez-Arriaga, Quality metrics in software design: a systematic review, in: Proceedings of the 7th International Conference in Software Engineering Research and Innovation (CONISOFT), 2019, pp. 80–86.
• A.S. Nuñez-Varela, H.G. Pérez-Gonzalez, F.E. Martínez-Perez, C. Soubervielle-Montalvo, Source code metrics: a systematic mapping study, J. Syst. Softw. 128 (2017) 164–197.
• W. Cunningham, The WyCash portfolio management system, ACM Sigplan OOPS Messenger 4 (2) (1992) 29–30.
• P. Kruchten, R.L. Nord, I. Ozkaya, Technical debt: from metaphor to theory and practice, IEEE Softw. 29 (6) (2012) 18–21.
• N.S. Alves, T.S. Mendes, M.G. De Mendonça, R.O. Spínola, F. Shull, C. Seaman, Identification and management of technical debt: a systematic mapping study, Inf. Softw. Technol. 70 (2016) 100–121.
• N.A. Ernst, S. Bellomo, I. Ozkaya, R.L. Nord, I. Gorton, Measure it? manage it? ignore it? software practitioners and technical debt, in: Proceedings of the 10th Joint Meeting on Foundations of Software Engineering, 2015, pp. 50–60.
• F.A. Fontana, R. Roveda, M. Zanoni, Technical debt indexes provided by tools: a preliminary discussion, in: Proceedings of the 8th IEEE International Workshop on Managing Technical Debt (MTD), IEEE, 2016, pp. 28–31.
• J. Holvitie, S.A. Licorish, R.O. Spínola, S. Hyrynsalmi, S.G. MacDonell, T.S. Mendes, V. Leppänen, 2Technol. 96 (2018) 141–160.
• P. Avgeriou, I. Ozkaya, A. Chatzigeorgiou, M. Ciolkowski, N.A. Ernst, R.J. Koontz, F. Shull, Technical debt management: the road ahead for successful software delivery, in: Proc. 2023 IEEE/ACM Int. Conf. Softw. Eng.: Future Softw. Eng. (ICSE-FoSE), IEEE, 2023, pp. 15–30.
• P. Kokol, Software quality: how much does it matter?, Electronics 11 (16) (2022) 2485.
• H.J. Kang, K.L. Aw, D. Lo, Detecting false alarms from automatic static analysis tools: how far are we?, in: Proc. 44th Int. Conf. Softw. Eng. (ICSE), 2022, pp. 698–709.
• A. Melo, R. Fagundes, V. Lenarduzzi, W.B. Santos, Identification and measurement of Requirements Technical Debt in software development: a systematic literature review, J. Syst. Softw. 194 (2022) 111483.
• H.J. Junior, G.H. Travassos, Consolidating a common perspective on technical debt and its management through a tertiary study, Inf. Softw. Technol. 149 (2022) 106964.
• D.C. Yadav, Y. Singh, A.K. Pandey, A. Kannagi, Computerized software quality evaluation with novel artificial intelligence approach, Proc. Eng. 6 (1) (2024) 363–372.
• T. Honglei, S. Wei, Z. Yanan, The research on software metrics and software complexity metrics, in: Proceedings of the International Forum on Computer Science-Technology and Applications, IEEE, 2009, pp. 131–136.
• S.B. Pandi, S.A. Binta, S. Kaushal, Artificial intelligence for technical debt management in software development, arXiv preprint arXiv:2306.10194 (2023).
• NopCommerce, NopCommerce release tags, https://github.com/nopSolutions/nopCommerce/tags, 2025 (accessed 01.02.25).
• Orchard Core, Orchard Core release tags, https://github.com/OrchardCMS/OrchardCore/tags, 2025 (accessed 08.02.25).
• RavenDB, RavenDB release tags, https://github.com/ravendb/ravendb/tags, 2025 (accessed 15.02.25).
• ShareX, ShareX release tags, https://github.com/ShareX/ShareX/tags, 2025 (accessed 22.02.25).
• A. Juneja, B. Sondhi, A. Sharma, Nopcommerce customization for improved functionality and user experience, 2023.
• Orchard Core, Orchard Core Documentation, https://docs.orchardcore.net, 2025 (accessed 27.05.25).
• P. Nepaliya, P. Gupta, Performance analysis of NoSQL databases, Int. J. Comput. Appl. 127 (12) (2015) 36–39.
• Wikipedia, ShareX, https://tr.wikipedia.org/wiki/ShareX, 2025 (accessed 27.05.25).
• M. Stanković, Komparativna analiza alata za statičku analizu koda u svrhu identifikacije i procene tehničkog duga u .NET projektima, Zb. Rad. Fak. Tech. Nauka Novi Sad 37 (8) (2022) 1337–1340.
• R.H. Pfeiffer, M. Lungu, Technical debt and maintainability: how do tools measure it?, arXiv preprint arXiv:2202.13464 (2022).
• J. Lefever, Y. Cai, H. Cervantes, R. Kazman, H. Fang, On the lack of consensus among technical debt detection tools, in: Proc. 2021 IEEE/ACM 43rd Int. Conf. Softw. Eng.: Softw. Eng. Pract. (ICSE-SEIP), IEEE, 2021, pp. 121–130.
• R. Shaukat, A. Shahoor, A. Urooj, Probing into code analysis tools: a comparison of C# supporting static code analyzers, in: Proc. 15th Int. Bhurban Conf. Appl. Sci. Technol. (IBCAST), IEEE, 2018, pp. 455–464.
• L. Pavlič, T. Hliš, M. Heričko, T. Beranič, The gap between the admitted and the measured technical debt: an empirical study, Appl. Sci. 12 (15) (2022) 7482.
• D. Saraiva, J.G. Neto, U. Kulesza, G. Freitas, R. Reboucas, R. Coelho, Technical debt tools: a systematic mapping study, in: Proc. Int. Conf. Enterp. Inf. Syst. (ICEIS), vol. 2, 2021, pp. 88–98.