A small software house in the UK has shipped a code quality scanner for RPG; it is free while in beta; and the time between me discovering the tool and my having in front of me a chart that told me which files were problematic and which points inside those files I ought to refactor was seconds. That is the gist. The details, well, those are the rest of the article.
Who is behind the tool?
RPG Metrics comes from KDP Software, which is run by Kevin Passey, and which has been working the IBM midrange platform since 1985 — which is to say through the S/34, the S/36, the AS/400 and IBM i, and which is also to say since I was three years old. Forty years on the same platform, still shipping. I think we can concede him the point that he knows the platform, and that he probably knows what its users might find useful.
He has also been answering questions on the RPG400-L mailing list since at least 2016 — fixed-to-free conversion, MOVE semantics, RPG36 and OCL, the conversion of O specs to DDS — which he was doing, let us remember, back when answering that sort of question required actually knowing the answer, and not the ability to type into an LLM chat.
The Low End of This Market Is Empty
If you want static analysis for RPG, your options are frequently out of reach.
Fresche’s X-Analysis is the serious incumbent here, and since I am about to argue that a gap exists, let me first be fair to the thing that fills most of it: it computes cyclomatic complexity, Halstead volume, maintainability index and nesting depth, and it counts GOTOs and CABxx statements, which is to say a superset of everything RPG Metrics measures. It also extracts business rules, recovers design, and draws you graphical documentation of an application that nobody in the building has understood since 2003. It is a genuinely impressive suite. It is also, precisely, a suite — sold to enterprises, priced on request, bought over a quarter rather than over an afternoon. I have never used it myself, though I have sat through plenty of demos of it, and I will confess that what I saw looked to me as though it had walked out of the ’90s with no intentio to adapt; I remember wondering how it could be possible that nothing more modern existed. But what do I know.
ARCAD sells CodeChecker into the same shops on the same terms. Sonar supports RPG — but only in the Enterprise and Data Center editions, which is to say that the price floor is, well, not so low. And SonarQube, for its part, cannot read source members out of the IBM i library file system at all: you copy your source to the IFS first, and then you point a scanner at it from a different machine entirely. FAQ400 wrote up the setup, which involves CPYSRC2IFS and NetServer serving as the bridge between PDM and the open-source tooling world. All of which leaves me with a question I cannot answer: if I must build my own pipeline in order to analyze my own code, why exactly am I paying someone for the tool?
So the metrics exist. Somebody built all of this years ago, and built it well. What does not exist is a way for a shop with five hundred RPG programs and no procurement department to get a number out of its own code before lunch, without first having to let a developer go in order to afford the licence. This is what people with people who invested in MBAs call “an underserved segment.”
I will add a personal note, since we are being honest with one another: as a small company, I like working with small companies. I like the sensation that there is a person at the other end of the line who might, should he be in a good mood, actually listen. Someone I can trust. With larger companies I find myself uneasy and on my guard, waiting for the part where the contract explains to me what it is that I have really bought. But, you know, to everyone his own.
Four Metrics, That’s it
RPG Metrics measures cyclomatic complexity, a maintainability index tracked across scans, comment level, and RPG Free conversion analysis.
The first three are the standard package, and they do what the standard package does: complexity flags hotspots, so that you know which programs to open first; maintainability, tracked over time, tells you whether you are digging the hole or filling it; and comment density is comment density.
The RPG Free conversion analysis is the one that earns its place. It detects the legacy opcodes — MOVE, MOVEL, Z-ADD, GOTO, TAG, LOOKUP, TESTB — and calculates what percentage of your executable lines they account for, which makes it the only metric in the set that maps onto a decision somebody is actually about to make. Cyclomatic complexity informs you that a program is unpleasant, which, if you have been maintaining it for six years, you had probably worked out on your own. The opcode scan tells you what stands between you and a fixed-to-free conversion that somebody has very likely already asked you to schedule.
I Gave It a Spin
I do not have an IBM i sitting around the house, so I skipped the agent entirely and used the web upload mode — which is, I suspect, not remotely how a real user would come at this. My assumption is that the IBM i agent is far more convenient for actual RPG developers, as opposed to posers like me.
Back to my experiment: I ran it on a couple of files from past projects and on some files from intERPrise, the Apache-licensed ERP written in free-form ILE RPG that Chris Hird and Marinus van Sandwyk started back in 2018. This was a spin and not an evaluation — I did not point it at a real migration codebase.
No install, no config. Upload, read.

The top row is a program from an old project, and its name is blacked out because it is not mine to publish — but the numbers are real enough: 1,488 lines, cyclomatic complexity of 191, maintainability index of 40.21, both of them red against the thresholds that the tool prints in its own legend, where anything from 21 upward is poor complexity and anything below 65 is poor maintainability. Its comment density is 26.14%, which that same legend calls good. In other words, the program is well commented and it is still a swamp.
The second row is the opposite in every respect: complexity of 7.00, maintainability of 90.91, green across. It is 464 lines, of which 44 are executable. Mostly declarations. Nothing to see — which is also a useful thing to be told in two seconds.
And then there is the part that earns the subscription it is not yet charging for.

Subroutine-level complexity, with line numbers. $Order at line 673 scores 40. $Kread at 552 scores 25. $WRiteKMr at 1154 scores 24. Everything from $FpoQty downward is green and can be left in peace.
Now notice what that does to the headline figure. If you add up the per-subroutine scores in that chart you land within a point of 191, which is exactly the program-level number from the table — and which tells you what the 191 actually is. It is a sum. And a sum grows with length whether or not any individual routine inside it is bad, with the consequence that a four-thousand-line program composed entirely of reasonable subroutines would score worse than this one while deserving rather less of your attention. As a triage signal, the big red number must be read carefully. It may indicates you need to split a file, not necessarily that the content of the file is complex per se.
The chart underneath it is the actual product. It does not say “this program is bad.” It says start looking at line 673. And deciding where to start is half the battle.
My one real complaint: upload mode takes one file at a time. Which is fine for kicking the tires and you want to try on a couple of problematics files. Of course nobody, having decided to measure their codebase, wants to sit there clicking through two hundred members one by one. Zip upload would fix it in an afternoon; pointing the thing at a git repository would be a great addition. It is the most obvious gap in the product and simultaneously the most fixable,.
That said, you most probably want just to use the agent mode! I did not test it (I do not have an IBM i) so what follows is the datasheet and not experience: a Python agent running natively, scanning source locally so that nothing leaves the box, XLSX reports written on the machine, optional sync to a cloud dashboard. If it works as described, then local processing is the right default for this audience, because IBM i shops do not enjoy being told that their source code is going somewhere.
I Emailed the Author and He Answered
Disclosure first, because you should have it before the anecdote and not after: I did not come to Kevin as a customer. I got in touch because I wanted to ask him about some ideas — he knows this market, and I wanted his read on it. The tool questions came later. We got to talk (thank you Kevin!) and he mentioned the tool. I got curios and I took a look. And here we are.
Kevin is a working IBM i professional who also builds tools, and not a software company that happens to sell into IBM i. KDP does support and development on the platform, and has been implementing other people’s change management tools since the late 80s — SoftLanding’s TurnOver, ChangeFit, and today as the UK channel for MDCMS, which is Midrange Dynamics’ change control suite. They sell and support Enforcive, the IBM i security suite that Precisely picked up. They are upgrading Craig Rutledge’s open-source tool for AS/SET RPGIII modernization.
RPG Metrics is the tool he built himself, and it is aimed squarely at the gap that the resold products leave open.
What It Doesn’t Do Yet
It is beta, and it shows. Things are changing and by the time you take a look the product could have already improved.
Which brings us to the price, about which the honest answer to “what will this cost me” is currently “nobody knows,” because Pro pricing is not public.
The deeper limitation is not KDP’s fault, and nobody else has solved it either: an opcode count tells you what will not mechanically convert. It does not tell you what will be hard to get right. Those are different sets. A program can be 100% free-format-convertible and still carry packed decimal truncation behaviour, activation group state, or cycle logic that no syntactic scan can see. I have written about that semantic gap in the context of AI-assisted RPG translation: the tools that report a clean syntactic conversion are measuring a part of the problem.
RPG Metrics does not claim otherwise. It measures what is measurable statically, and it says so, which is rather more intellectual honesty than one finds in most of the AI migration pitch decks currently in circulation. Personally, I find honesty refreshing at a time when everybody is bullshitting crazy claims left and right.
Go Scan Something
Here is what I will tell you. Fresche and ARCAD built these metrics years ago and then concluded that you were not worth selling them to at a price you could say yes to. A one-person shop that has been on this platform since 1985 disagreed. It installs easily. It answers a question you probably already have, which is how much of your code is standing between you and free-format. It costs nothing at the moment. And if it breaks, or confuses you, the person who wrote it will reply.
Point it at something and tell Kevin what is missing. Beta feedback from actual RPG shops is how the batch upload gets built.