Code review is a quality assurance measure in software development. Source code is the basic element of development work and also the main product of programming. It is therefore advisable to always submit newly created or modified code to a code review, a procedure in which one or more members of the team verify the work carried out by a programmer.
A software project includes a "codebase", that is, a collection of code files which, once assembled, make it possible to deliver a product. In addition to the product code itself, this base includes, among other things, the necessary configuration, development tools and tests, all of which exist in code form. The whole codebase is managed using a version control system, such as Git. Different "branches" allow multiple versions of the codebase to be maintained alongside each other, so new functionality can be developed without modifying the production version of the codebase.
Development work is therefore generally carried out on feature branches that are periodically integrated into the main branch. The code review occurs before the "merge", that is, before the newly created or modified code is combined with the existing codebase. This aims to identify and eliminate errors early in the process, before the code goes into production.
However, code review is not only for fixing possible bugs. Correct functioning of the code, without errors and producing the desired result, is only one of the prerequisites. There are many other quality criteria to respect in order to obtain "clean code". The presence of comments, the clarity and consistency of the code, compliance with a given style guide and the ability to integrate with existing systems are also essential parameters that should be taken into account during the code review.
As development work is often done in groups, code review does more than improve code quality. Because it is carried out by other members of the development team, it has social effects: new members benefit from comments on conventions and best practices, and knowledge is better exchanged and transmitted within the organization. Code review therefore helps foster a culture of quality.
Nowadays, even though code review is carried out by people, code review processes generally rely on dedicated tools. Code review tools are efficient and relieve everyone involved, who no longer need to deal with complex and tedious process coordination and can therefore devote themselves fully to the actual review.
Conceptually, human code review falls somewhere between two automated analysis methods: static analysis and dynamic analysis. Here is what differentiates them from each other:
| | Static analysis | Code review | Dynamic analysis |
|---|---|---|---|
| Performed by | Programs | People | Programs |
| Method | Code reading | Reading code, mentally stepping through its execution | Code execution |
| Focus | Applying a uniform style | Relating the change to the overall picture | Error detection |
| Detects | Type errors; known security vulnerabilities and anti-patterns | Complex security vulnerabilities; code smells | Integration errors; exceptional edge cases; load testing |