Change Impact Analysis

Change Impact Analysis in Software Testing

Change impact analysis can be done by an automated system that determines which lines are changed in a PR and are they tested or not with the existing test suites and tests
Ismail Egilmez
2 mins read

What is Change Impact Analysis in Testing?

Every time a change is made in the code of a project, there is an impact on the system. Change Impact Analysis is defined as analyzing the impact of code changes in the deployed application. It gives information about the areas of the system that may be affected due to the change in the particular section or features of the application.

Change Impact Analysis in testing is one of the most important aspects software teams use to identify the risks related to the code changes in an application. Change Impact Analysis helps in identifying the impact of the changes on the modules and functionalities and how it comes to happen. It helps in recognizing which new test cases software developers ought to create to cover a new feature and the impact of the changes in the testing process.

Why Do We Do Change Impact Analysis?

The flow of shipping to production must be smooth and error-free, fast in CI/CD pipelines. Every new PR has to be covered by tests in order to prevent bugs fall off the radar. 

Potential risks introduced by the code changes must be discovered in order to move on. This is vital because if you have a large project, multiple developers are working on different parts of the codebase and hundreds of commits every day are made. It becomes tough to follow which PR impacts which parts of the application, whether it is well covered by tests or not, and how risky it is to move on.

Developers are running through a series of tests and test suites for every code change they make. Naturally, every test run adds to the delay in the feedback that they are waiting on.

Software development teams can’t exactly know what subset of tests are impacted by their code changes. There are several consequences of this. 

  1. Being unaware of potential risks that might be carried out to production environment.
  2. Decreased developer productivity because of long waiting times for testing cycles.
  3. Slow release cycles because of clogged CI pipelines.
  4. Unnecessary cost of resource usage while running every test for every code change.

Who Should Do Change Impact Analysis?

Software teams implementing a testing strategy generally begin with define the scope, creating the test cases, defining the test objectives but slog on coping up with the constantly changing code of the application they test. Doing change impact analysis sheds light on how software teams should focus their testing efforts and strategy.

Like the ones who start their testing strategy from the ground up, teams who want to add tests to improve the reliability of their applications by fielding an MVP also can highly benefit from doing change impact analysis. 

Other than those, teams porting a legacy application to a new codebase can have a difficult time determining where to focus on their testing efforts. Doing change impact analysis will highly make their jobs easier because it becomes clear to see what parts are well tested or not.

How to Release Fast Without Compromising Quality?

Traditionally, development teams often conduct lengthy internal surveys to tap their own knowledge and determine what parts of their code were the most critical to end users. These teams would build their own internal processes from scratch to ensure that developers knew when they were making changes to a critical code.

This work is extremely helpful to development teams but it’s arduous, takes months to perform, is subject to developer bias, and can rapidly become out of date.

This manual work should be done automatically and be kept up to date continuously. Automating change impact analysis makes it substantially faster to answer the question, “which test should I run next?” or “are these tests enough?”

A practical way of implementing change impact analysis for testing can be applied by taking the runtime information from the production environment of an application and using it to identify the parts/lines of the code which are tested or not in a pull request. Additionally, risk analysis can be automatically done by calling out the user impacting parts of a pull request.

Watching the code changes at every workflow run in a CI pipeline and calculating the potential risk that change might introduce is more of an automated process rather than doing it manually. An automated system can use code coverage data to determine which lines are changed in a PR and are they tested or not with the existing test suites and tests.

Moreover, the system should make a change impact analysis and provide a risk report which tells how risky it is to move on with that missing coverage. Quantifying the risk of a code change would help developers to understand the impact of their code and determine which pull requests are not well tested and which ones are ready to be merged.

Using this system, code reviewers can focus on reviewing the parts of a code change that matter most to their users. Code authors can ensure their testing strategy is in alignment with how their applications are actually used.

TL;DR

Development teams have a hard time determining what parts of their code are the most critical to end-users. At every PR, this should be known automatically and continuously kept up to date.

Assessing the level of risk of software changes is grueling

It's difficult for code authors and reviewers to know the impact of the PR in production. They want to know and focus on the parts of a code change that matter most to their users. Hence, it's difficult for software teams to ensure their testing strategy is in alignment with how their applications are actually used.

Ideal solution

An ideal solution to apply change impact analysis is definitely putting up a system which automates this process and keeps it up to date.

For example, Foresight correlates the changes to the codebase with the test coverage reports and determines how much of the changes are covered by the tests. It displays quality risk metrics to facilitate the change impact analysis process. Using the quality risk metrics, code reviewers can select either to automatically approve or route PRs through relevant reviewers to ensure only high-quality builds are moved to production.