Software Analysis
What happens when a third of the adopted code is only available as a black box? How an agile mindset and honesty can save a ticket store project.
Software quality analysis when adopting an unknown code base refers to the structured procedure for evaluating the condition of third-party software in a short period of time. Static analysis tools such as SonarQube provide initial insights into maintainability, robustness and security. Missing documentation and incomplete components are among the most common risks of such takeovers.
Key Takeaways
- Cutting testing from the budget first makes projects more expensive and complicated, not cheaper, because a lack of quality assurance only delays problems, not prevents them.
- A full-time test manager in the development team is unusual, but brings structural clarity that directly relieves all other disciplines.
- Openness about project risks must come early: If you hold back bad news, you will get it back at a less favorable time.
- In concrete terms, an agile mindset means reorganizing the team setup in the middle of the project when the requirements have shifted, for example by appointing a second architect instead of a developer.
- A migration without downtime is more reliable if it is fully rehearsed three weeks in advance with real live data.
Adopting third-party software means expecting surprises
Anyone who buys existing software rarely takes over a cleanly documented package. More often it’s a surprise egg: you don’t know exactly what’s inside, what the quality is like and whether the system is maintainable at all.
This was precisely the situation faced by a public mobility provider when it took over an existing ticket store. It was not just about usage rights, but about the entire product. Before the purchase, it was unclear which components would be included, how good the code was and whether the takeover would be worthwhile.
Sonja Trimmel and Helmut Nitsch accompanied this project. Their experience shows what is important when you take over an unknown code base and bring it to a sustainable state.
How do you evaluate a foreign code base in a short space of time?
An initial assessment is possible even under time pressure if you use static analysis. Only one and a half days were available for the initial assessment, not enough time for a full manual check with several thousand lines of code.
Tools for static analysis, such as SonarQube, provide a useful impression in this situation. They make statements about maintainability, robustness and security aspects without the need for an executable system.
The security view is particularly important for a ticket store. Such a system has a high touchpoint to the outside world and is used frequently. These properties can be easily viewed automatically.
In this case, there was no running system. The ticket store was visible online, only a piece of the code provided was checked, with static analysis and manual review. This is sufficient for an initial assessment in order to derive concrete suggestions.
The code was not the problem, the missing parts were
When adopting software, the biggest hurdle is often not the code, but what is not included. The audited code itself was good, no serious defects.
The gaps around it were more difficult. Due to changing responsibilities, some components arrived late. The documentation was not up to the standard that a professional team would expect.
During the familiarization phase, the real sticking point became apparent: some of the software was only available as a black box, as a compilation without source code. Around two thirds of the software was available in code, one third was not.
This moment marks the point at which a planned takeover turns into a surprise. Suddenly the question arises as to how to continue working with the missing source code.
Why an agile mindset makes the difference in software acquisitions
Anyone taking over unknown software needs the ability to change the plan on the go. The original idea was to analyze the code, refactor it, add some functions, fix bugs and update the documentation.
In fact, the focus shifted. A lot of time went into the analysis because we had to completely understand the system, find all the parts and prepare them for further use. The pure refactoring idea became the question of what the customer really needed in the first step.
The team setup was reorganized accordingly. Instead of continuing with the initial team, some developers were removed and a second architect was brought into the project. A total of five months, two architects and two developers were available.
Helmut Nitsch emphasizes that this is not about agility as a label.
I’m not talking about what you are preached, but about having an agile mindset in order to be able to react flexibly to certain things. That was essential.
- Helmut Nitsch
This flexibility, coupled with the client’s trust, was a success factor on both sides.
How do you plan a migration without downtime?
A migration without permitted downtime is achieved through repeated rehearsals with real data. In the case of a ticket store, the system must not fail; the change must work practically from one moment to the next.
Three weeks before the deadline, the migration was rehearsed with all live data and fully prepared. This dry run uncovers sources of error before they strike in an emergency.
The timing was an additional complication. Due to postponements, the migration took place during the vacation period and the chief architect was absent for the crucial three weeks. A migration in the heat and during the vacation period increases the risk of human error.
The solution lay in the preparation. The second architect and the lead developer rehearsed the migration and prepared everything. When the architect returned, the team went through everything again together.
The date was no coincidence either. A Tuesday lunchtime was chosen, statistically the time with the fewest users in the ticket store. The result: the actual migration took five minutes, after which everything was up and running.
The underestimated factors on migration day
In addition to technology and planning, it’s the soft factors that count. On migration day, all the developers sat in an air-conditioned room, early at the start, with food and drink provided.
Catering and atmosphere are not a minor matter. Providing a good working environment on a critical day reduces stress and therefore the likelihood of errors. The rule of thumb behind this is simple: plan twice, do once.
Honesty and communication carry the project
As soon as surprises arise, communication determines the outcome. Four companies were involved in the project, so close coordination was necessary.
The procedure was consistent: every new finding was immediately reported to all those involved. The team was called together, scenarios were written down, in one case four or five, and everyone contributed their assessment.
Decisions were actively enforced. In meetings, the rule was not to leave the room until a decision had been made, because delay only costs money. Tough prioritization is part of this.
The most critical phase came almost at the beginning. Missing documentation, undelivered code and the realization that the time and budget were not going to work out, brought real pressure, especially as other projects were hanging on.
In this situation, only openness helped. Instead of hiding problems, the scenarios were laid openly on the table: this approach will get you here, that approach will get you there, and only this approach will get you to the end. Hiding information is useless, because the concealed problem emerges later, usually at the most inopportune moment.
Customer commitment is more than budget
A strong commitment on the part of the client is demonstrated by the fact that he prepares the entire team to speak a common language. Before the project started, the client sent the entire team on a Scrum course.
The aim was not just to impart knowledge, but to ensure smooth communication. If everyone involved understands the same terms, there is no friction when coordinating.
The effect was noticeable. When the team said something, the other side knew exactly what was meant. This kind of commitment is very different from the widespread pattern where the customer says “go ahead” and only provides support with a few part-time employees.
When saving money, the first thing to be cut is testing, and that takes its toll
One constant runs through more than twenty years of testing: when savings are made, testing is cut first. This does not make a project cheaper, but more complicated and more expensive.
Development is not just about coding. A development team needs other disciplines, from requirements engineering to testing. These disciplines bring more than they cost and help to bring a project to a successful conclusion.
This project involved a full-time test manager, which is rather unusual in development projects. It is more common to have a half-time testing manager on the side. The full-time position gave the process a lot of structural direction.
What lessons can be learned for the next software takeover?
The most important lesson is: set up a diverse team right from the start, even if you think you know how the project is going. During the project, the team had to be reorganized several times as soon as the direction changed.
An interdisciplinary team can replace one competence with another when the project turns. It was precisely this reorganization that was a success factor. Among other things, app development, various cloud technologies and expertise in testing, project management and automation were bundled at a comparable level.
In practice, the key factors can be summarized as follows:
| factor | impact in the project |
|---|---|
| Static analysis in advance | Quick quality assessment even without a running system |
| Agile mindset | Adapt plan and team setup on the go if new gaps emerge |
| Rehearse migration several times | Find sources of error before the real thing, five minutes of real cutover |
| Open communication | Put problems on the table early, actively force decisions |
| Customer commitment | Joint Scrum course reduces frictional losses |
| Full-time testing | Structural guidelines instead of saving in the wrong place |
Adopting third-party software remains a risk. But if you bring together analysis, flexibility, honest communication and a broad-based team, you can turn even a surprise egg into a viable product.
Frequently Asked Questions
The most common challenges in software analysis are unclear requirements, communication problems and technological complexity. Unclear requirements can be improved through regular meetings with stakeholders and clearly documented goals. Communication problems can be minimized through the use of collaboration tools and transparent processes. Technological complexity can be managed through targeted training and the use of proven tools and frameworks. Effective software analysis therefore requires a structured approach and open communication between all stakeholders.
To effectively integrate software analysis into the software development process, it should start early, ideally in the planning phase. Regular analyses throughout development help to clearly define requirements and identify potential problems at an early stage. Feedback loops with users are also important in order to continuously improve the software. The use of tools for statistical analysis and code reviews also supports the process. These measures make software analysis an integral component that increases quality and efficiency.
Tools such as SonarQube, Visual Studio and Eclipse are particularly suitable for software analysis. SonarQube helps to identify code quality and security problems. Visual Studio offers integrated analysis functions to improve the code. Eclipse has numerous plugins that support software analysis. These tools make it easier to detect errors and optimize code, resulting in better software development. They are useful for both individual developers and teams.
Software analysis improves quality assurance in software development by identifying errors at an early stage and uncovering systematic problems. The thorough examination of requirements, design and code ensures that the software meets expectations. This analysis also promotes clear documentation and communication within the team, which minimizes misunderstandings. Ultimately, software analysis leads to more stable and reliable products that better meet the needs of users.
Modeling improves software analysis by visually representing complex systems, which promotes understanding and communication. Through diagrams and models, relationships and processes can be recognized more clearly, making errors and inconsistencies visible earlier. Modeling also enables the simulation of scenarios to proactively identify potential problems. Overall, it ensures that software analysis is more targeted, efficient and error-free.
Use cases improve software analysis by presenting clear scenarios for user interaction. They help to concretize requirements in an understandable way and ensure a focus on the most important functions. By visualizing processes and user needs, use cases make it easier to identify errors and potential for improvement in the software. They also promote communication between developers and stakeholders, which leads to better implementation of the desired functions. In software analysis, they are therefore a central tool for increasing the quality and user-friendliness of the software.
Requirements analysis is crucial for software analysis as it ensures that the solutions developed meet the actual needs of the users. By precisely identifying and documenting requirements, misunderstandings and costly changes in later phases can be avoided. It also forms the basis for the design, implementation and testing of the software, ensuring the quality and functionality of the final product. An effective requirements process also promotes communication between stakeholders and developers.
The main differences between ACTUAL analysis and TARGET analysis in software analysis lie in the focus: ACTUAL analysis examines the current state of a system, its weaknesses and problems. In contrast, the TARGET analysis defines the desired goals and requirements for the future. While the ACTUAL analysis provides an inventory, the TARGET analysis lays the foundation for improvements and new developments. Both methods are essential for successful software projects, as they provide a clear basis for planning and implementation.
The most effective methods of software analysis in software development are static and dynamic analysis. Static analysis checks the source code for errors before the software is executed, while dynamic analysis evaluates the behavior of the software during execution. Both methods help to identify security gaps and bugs at an early stage, which increases the quality of the software. In addition, requirements analysis and user feedback are essential in order to tailor the software precisely to the needs of the users. Together, these approaches improve the software analysis and promote successful development.
Software analysis is the process of gathering information about a software system in order to understand its requirements, structure and functionality. Software analysis methods include functional analysis, data flow analysis, object-oriented analysis and UML modeling. These methods help to document the software, identify errors and recognize potential for improvement. A well-founded software analysis is crucial for the quality and success of software projects.
Related Posts
Richard Seidl
•Jun 2, 2026
Patient agility: Is agile working dying?
Richard Seidl
•May 26, 2026