This recipe produces a fully operational tech debt reduction system — a costed debt inventory, prioritized remediation backlog, CI/CD quality gates blocking new debt, and an automated TDR dashboard with threshold alerts — within 12-20 weeks. It outputs measurable improvement: TDR reduced by 30%+ from baseline, deployment frequency doubled, and 15-25% sprint velocity increase within 6 months. Organizations that dedicate 15-20% of sprint capacity achieve 50% faster service delivery within 12 months. [src1]
Which path?
├── Team is basic maturity AND budget = $0
│ └── PATH A: Free Basics — SonarQube CE + GitHub Actions + GitHub Issues + Grafana OSS
├── Team is basic maturity AND budget > $0
│ └── PATH B: SaaS Quick Start — SonarCloud + GitHub Actions + Linear + Grafana Cloud
├── Team is intermediate AND budget > $500/mo
│ └── PATH C: Professional — SonarQube Dev + GitLab CI + Jira + Swarmia
└── Team is mature AND budget > $2,000/mo
└── PATH D: Enterprise — SonarQube Enterprise + CodeScene + Datadog + Faros AI| Path | Tools | Cost | Setup Time | Output Quality |
|---|---|---|---|---|
| A: Free Basics | SonarQube CE, GitHub Actions, Issues, Grafana | $0 | 2-3 days | Good — TDR + quality gates |
| B: SaaS Quick Start | SonarCloud, GitHub Actions, Linear, Grafana Cloud | $150-$400/mo | 1-2 days | High — built-in dashboards |
| C: Professional | SonarQube Dev, GitLab CI, Jira, Swarmia | $500-$1,500/mo | 3-5 days | High — branch analysis + DORA |
| D: Enterprise | SonarQube Ent, CodeScene, Datadog, Faros | $2K-$10K/mo | 1-2 weeks | Excellent — full observability |
Duration: 1-2 days · Tool: SonarQube / SonarCloud + CI pipeline
Install and configure code quality analysis. Run the first full scan to establish the baseline Technical Debt Ratio. This number is your starting point — every future improvement is measured against it.
# Self-hosted SonarQube via Docker
docker run -d --name sonarqube -p 9000:9000 sonarqube:community
# Add scanner to CI pipeline (GitHub Actions):
# uses: sonarsource/sonarqube-scan-action@v3
# with SONAR_TOKEN and SONAR_HOST_URL secrets
# SonarCloud alternative: sign up at sonarcloud.io, import repo
# Auto-configures GitHub Actions — no self-hosting neededVerify: Dashboard shows project with TDR calculated; CI runs analysis on every push · If failed: Use SonarCloud SaaS if Docker fails; run sonar-scanner CLI manually to verify connectivity
Duration: 1-2 weeks · Tool: SonarQube reports + incident logs + developer survey
Combine automated analysis with human knowledge. Static analysis catches code debt; engineers know about architecture and infrastructure debt that tools miss. Incident logs reveal which debt items cause outages. [src5]
Debt Inventory Columns:
ID | Category | Description | Affected Modules | Monthly Dev-Hours Lost
Remediation Estimate (hrs) | Incident Count (6mo) | Severity | ROI Score
Categories: CODE, ARCH, INFRA, TEST, DOCS
ROI = (Monthly_Hours_Lost × 12 × Rate) / (Remediation_Hours × Rate) - 1
Example: 20 hrs/mo lost, 40 hrs to fix = 500% annual ROIVerify: 80%+ items costed; total monthly debt cost calculated in hours and dollars · If failed: Use gut-feel scoring (1-5 for pain and effort) if precise hours unavailable
Duration: 3-5 days · Tool: Jira / Linear / GitHub Issues
Score each debt item on a priority matrix. Apply the 80/20 rule: top 20% of items cause 80% of friction. [src4]
| Change Frequency | High Impact | Low Impact |
|---|---|---|
| High (weekly+) | P1: Fix Now — Sprint allocation | P3: Opportunistic — Scout rule |
| Low (monthly−) | P2: Plan Soon — Next quarter | P4: Accept/Defer — Monitor |
Priority Score = (Business Impact × 2) + Engineering Friction + Incident Risk
Max = 15. Items scoring 12+ are P1.Verify: Top 10 items identified with effort estimates and sprint assignments · If failed: Use ROI score from Step 2 to resolve disagreements objectively
Duration: 1-2 days · Tool: SonarQube / SonarCloud + CI pipeline
Set up quality gates blocking merges that introduce new debt. Apply to new code only — otherwise every PR fails until all legacy debt is fixed. [src6]
Quality Gate Conditions (new code):
- Coverage ≥ 80%
- Duplicated lines ≤ 3%
- Maintainability rating = A
- Reliability rating = A
- Security rating = A
- Security hotspots reviewed = 100%
# GitHub branch protection:
# Require SonarQube Quality Gate status check
# Require branches up to date before mergingVerify: Test PR with a code smell → gate fails → PR blocked · If failed: Loosen to 60% coverage temporarily; tighten quarterly
Duration: 13 weeks (1 quarter) · Tool: Sprint planning + code review
Recommended allocation: features 65-70%, technical debt 15-20%, bugs 10-15%. This is non-negotiable. [src7] [src8]
MODEL 1: Continuous (recommended)
— 15-20% every sprint for debt items
— Debt items assigned in sprint planning like features
— Sprint review includes debt progress
MODEL 2: Pit Stop (release trains)
— 1 debt sprint after every 2 feature sprints
MODEL 3: Scout Rule + Continuous (hybrid)
— Always leave code better than you found it
— 15% reserved + quarterly strategic sprint
Weekly Debt Standup (15 min):
1. Items completed? 2. Blocked? 3. TDR trend? 4. New debt found?Verify: After 4 sprints, TDR trending down; deploy frequency stable or improving · If failed: Audit whether allocation is actually honored; escalate if PMs reclaim debt time
Duration: 2-3 days · Tool: Grafana / Datadog / Swarmia
Create automated dashboard tracking TDR over time, DORA metrics, and debt inventory trends. Set alerts for threshold breaches.
Dashboard Panels:
1. TDR Trend (target 5%, alert at 15%)
2. Debt Items by Category (code, arch, infra, test, docs)
3. Sprint Debt Velocity (items closed per sprint)
4. DORA Metrics (deploy freq, lead time, CFR, MTTR)
5. Top 5 Costliest Debt Items (monthly hours lost)
6. Net Debt Change (new vs. resolved per sprint)
7. Coverage Trend
Alerts: TDR > 15% → Slack; TDR > 25% → CTO pageVerify: Dashboard shows live data; alerts fire correctly on test threshold · If failed: Use SonarCloud built-in dashboard as interim
Duration: 3-5 days + ongoing · Tool: CI/CD + code review process
Prevention closes the loop — without it, you pay down debt while accumulating new debt faster.
Prevention Checklist:
☑ Quality gates enforced on all PRs (Step 4)
☐ Code review includes: "Does this PR add debt?"
☐ AI code generation policy: same review + gates
☐ ADRs for intentional debt with repayment timeline
☐ Dependency automation (Renovate/Dependabot)
☐ Quarterly debt review cadence establishedVerify: All 6 items configured; quarterly review scheduled; AI policy communicated · If failed: Start with quality gates only; add process items one per sprint
{
"output_type": "tech_debt_reduction_system",
"format": "multi-artifact",
"columns": [
{"name": "tdr_baseline", "type": "number", "description": "Starting TDR %"},
{"name": "tdr_current", "type": "number", "description": "Current TDR after remediation"},
{"name": "tdr_target", "type": "number", "description": "Target TDR (default 5%)"},
{"name": "debt_items_total", "type": "number", "description": "Total items in inventory"},
{"name": "debt_items_resolved", "type": "number", "description": "Items remediated this quarter"},
{"name": "monthly_hours_saved", "type": "number", "description": "Dev-hours reclaimed"},
{"name": "deployment_frequency_change", "type": "number", "description": "% change vs baseline"},
{"name": "sprint_velocity_change", "type": "number", "description": "% change vs baseline"},
{"name": "quality_gates_active", "type": "boolean", "description": "CI gates enforced"},
{"name": "prevention_items_configured", "type": "number", "description": "Active items (out of 6)"}
]
}| Quality Metric | Minimum Acceptable | Good | Excellent |
|---|---|---|---|
| TDR reduction from baseline | 15% decrease | 30% decrease | 50%+ decrease |
| Deployment frequency change | No degradation | 50% improvement | 2x improvement |
| Change failure rate | <20% | <15% | <10% |
| Sprint velocity improvement | 5% increase | 15% increase | 25%+ increase |
| Test coverage | >60% | >75% | >85% |
| Debt inventory completeness | >60% costed | >80% costed | >95% costed |
| Developer satisfaction | 10% improvement | 20% improvement | 30%+ improvement |
| Quality gate pass rate | >70% first-attempt | >85% first-attempt | >95% first-attempt |
If below minimum: Re-run Step 2 with deeper cost analysis. If TDR not improving after 4 sprints, audit whether allocation is being honored — PMs quietly reclaiming debt time is the most common failure. [src7]
| Error | Likely Cause | Recovery Action |
|---|---|---|
| SonarQube scan fails on large codebase | Memory limits exceeded | Increase JVM heap: -Xmx4g; scan by module if needed |
| Quality gate blocks all PRs | Thresholds too strict for baseline | Apply to new code only; loosen to 60% coverage, tighten quarterly |
| TDR not improving after 4+ sprints | Allocation traded for features | Audit actual vs planned with EM; escalate to CTO with ROI data |
| Refactoring introduces regressions | Insufficient test coverage | Pause; write tests covering module to 80%+ first, then resume |
| Engineers skip debt items | No cultural buy-in | Start with highest-pain items from survey; celebrate in sprint review |
| Executive support withdrawn | ROI not visible | Present TDR dashboard + velocity improvement + dollars saved |
| AI code bypasses quality gates | Gate not covering Copilot PRs | Branch protection on all PRs regardless of author; add pre-commit hooks |
| Component | Free Tier | Mid-Market ($500/mo) | Enterprise |
|---|---|---|---|
| Code quality tooling | $0 (SonarQube CE) | $150-$400/mo | $2K-$10K/mo |
| CI/CD minutes | $0 (2K min/mo) | $50-$200/mo | Included |
| Backlog tracking | $0 (GitHub Issues) | $10-$30/user/mo | $15-$50/user/mo |
| Dashboard/monitoring | $0 (Grafana OSS) | $50-$200/mo | $500-$2K/mo |
| Sprint capacity (15-20%) | $5K-$15K/q | $30K-$100K/q | $100K-$400K/q |
| Training | $0 | $2K-$5K | $15K-$50K |
| Total first year | $20K-$60K | $150K-$500K | $500K-$2M |
Sprint capacity is already in the engineering budget — redirected, not added. Actual incremental tooling cost is $0-$10K/month. Unmanaged tech debt consumes up to 40% of IT budgets. [src1]
Annual cleanup sprints are ineffective — debt accumulates faster than one sprint can address, and the codebase degrades back within 2-3 months. [src8]
Continuous small investments compound. Every 1 point of debt work yields approximately 0.8 points of future velocity. [src7] [src4]
Engineers gravitate toward cosmetic improvements that feel productive but rarely reduce business cost. [src4]
A messy but stable module costs less than a clean-looking module with hidden coupling causing weekly incidents. Fix what costs the most, not what looks the worst. [src5]
Large rewrites take 2-3x longer than estimated, introduce new bugs, and frequently get cancelled. [src2]
Replace components one at a time, each small enough to complete in 1-2 sprints. The strangler fig pattern has the highest completion rate. [src2]
Use when an engineering team needs to actually execute tech debt reduction — set up the tools, run the scans, build the backlog, configure quality gates, and track improvement. Requires a codebase with CI/CD and executive buy-in for sprint allocation. Produces a functioning debt reduction system with measurable ROI within one quarter.