Total Code Quality Index (TCQI)

The Total Code Quality Index (TCQI) is a composite metric in Oobeya that quantifies code quality by analyzing SonarQube issue data through multiple lenses: severity, category impact (security, reliability, maintainability), remediation effort, and codebase volume. It provides engineering leaders with a clear, standardized, and customizable way to monitor and improve software quality.

What TCQI Measures

The TCQI goes beyond raw issue counts. It evaluates:

How risky issues are, based on severity and fix effort.
What impact they have across key quality dimensions.
How clean the codebase is by factoring in total code volume.
How the project compares to an ideal maximum through normalization.

This results in a set of actionable, easy-to-compare indices:

Total Code Quality Index (TCQI)
Security Index
Reliability Index
Maintainability Index

Core Concepts

TCQI is built on three core inputs from SonarQube:

Dimension

Description

Severity

Indicates how critical an issue is (Blocker, High, Medium, etc.).

Quality Categories

Reflects the issue’s domain: Security, Reliability, Maintainability. An issue may belong to more than one category.

Remediation Effort

The estimated time required to fix the issue (e.g., 10 minutes, 8 hours, etc.).

These inputs are transformed into scores using configurable coefficients defined by your organization.

Configurable Coefficients

All coefficients can be customized in Admin Settings > Code Quality > Code Quality Index.

🔸 Severity Coefficients

Severity

Coefficient

Blocker

0.5

High

0.25

Medium

0.15

Low

0.1

Info

🔸 Quality Category Coefficients

🔸 Remediation Complexity Coefficients

Estimated Fix Time

Coefficient

≤ 10 minutes

≤ 30 minutes

≤ 60 minutes

≤ 3 hours

≤ 8 hours (1 day)

> 8 hours (1 day)

Step-by-Step Calculation

1. Calculate Issue Risk Scores

Each issue is scored independently per quality category it belongs to:

Issue Risk = Severity Coefficient × Category Coefficient × Remediation Coefficient

Because issues may belong to multiple categories, the same issue may contribute to multiple risk scores (e.g., both Security and Reliability).

2. Calculate Project-Level Quality Scores

For each category:

Project Category Risk Score = average(Issue Risk for that category)

Project Security Risk Score = average(Security Issue Risk Score)
Project Reliability Risk Score = average(Reliability Issue Risk Score)
Project Maintainability Risk Score = average(Maintainability Issue Risk Score)

Project Category Quality Score = Highest Risk Score - Project Category Risk Score

Project Security Quality Score = Highest Risk Score - Project Security Risk Score
Project Reliability Quality Score = Highest Risk Score - Project Reliability Risk Score
Project Maintainability Quality Score = Highest Risk Score - Project Maintainability Risk Score

Where:

Highest Risk Score = max(severity coefficient) × max(category coefficient) × max(remediation coefficient)

The Project Code Quality Score is the average of the three category scores:

Project Code Quality Score = avg(Security, Reliability, Maintainability Quality Scores)

3. Normalize to a Fixed Scale

To make scores comparable across projects and teams, Oobeya normalizes each score to a 0–5 scale:

Normalized Index = (Total Code Quality Highest Index × Project Quality Score) / Highest Risk Score

With:

Total Code Quality Highest Index = 5.0 (default value)

This gives:

Index Type

Formula

Project Code Quality Index

Total Code Quality Highest Index × Project Code Quality Score / Highest Risk Score

Project Security Quality Index

Total Code Quality Highest Index × Project Security Quality Score / Highest Risk Score

Project Reliability Quality Index

Total Code Quality Highest Index × Project Reliability Quality Score / Highest Risk Score

Project Maintainability Quality Index

Total Code Quality Highest Index × Project Maintainability Quality Score / Highest Risk Score

4. Factor in Codebase Volume (Clean Code Density)

To reflect code cleanliness relative to size:

Issue Density = Issue Count / Total Lines of Code
Clean Code Density = 1 - Issue Density

You can also calculate this per category:

Security Clean Code Density
Reliability Clean Code Density
Maintainability Clean Code Density

Security Issue Density = Security Issue Count / Total Lines of Code
Security Clean Code Density = 1 - Security Issue Density

Reliability Issue Density = Reliability Issue Count / Total Lines of Code
Reliability Clean Code Density = 1 - Reliability Issue Density

Maintainability Issue Density = Maintainability Issue Count / Total Lines of Code
Maintainability Clean Code Density = 1 - Maintainability Issue Density

5. Final TCQI and Category Indices

Total Code Quality Index = Project Code Quality Index × Clean Code Density

Security Index = Project Security Quality Index × Security Clean Code Density
Reliability Index = Project Reliability Quality Index × Reliability Clean Code Density
Maintainability Index = Project Maintainability Quality Index × Maintainability Clean Code Density

Why Use TCQI?

Standardized and Scalable: Works across small and large codebases alike.
Actionable: Highlights critical areas in security, reliability, or maintainability.
Customizable: Adapt coefficients to align with your company’s engineering standards.
Measurable Over Time: Track quality regressions or improvements release by release.

Where to Configure

To tailor the TCQI model to your organization:

Go to: Admin Settings > Code Quality > Code Quality Index

There, you can:

Define severity weights
Set quality category priorities
Tune remediation complexity

Summary

Oobeya’s Total Code Quality Index provides a balanced, flexible, and insightful view of your engineering organization’s code health. It connects static code analysis to strategic engineering decisions—helping you drive long-term quality improvements.

PreviousUpdate the Agile Board Analytics NextAzure DevOps Guides

Last updated 24 days ago

Was this helpful?