System crashes and downtime, caused by an unstable platform
Security and data breaches
Missed targets, from development deadlines to KPIs
Budgets overrunning, even in non-technical cost centres
Low agility, making integrations a constant struggle
Frustrations over usability, sapping productivity and morale
Over-reliance on the few developers who can fix the code
Disappointing customer reviews
Whether you’re experiencing specific issues with your software systems, or just feel that they’re not performing as well as they could, a code review is a great first step to pinpoint problem areas and identify actions for improvement.
In order for your code review to deliver the relevant and accurate insight you need to move forward, it’s important that you go about it in the right way. In this post, then, I’ll explore the key elements of an effective code review process – providing you with a checklist you can refer back to when assessing your applications and services.
Before you begin reviewing your software, it’s important to understand why you are conducting a review at all, and what you want to achieve. Start by defining strategic goals for your code review project; these might include:
Informing your development roadmap, e.g. whether to refactor existing code or migrate to a new system
Stabilising and future-proofing existing infrastructure
Reducing feature development cycle time and cost
Identifying security risks and mitigations
Benchmarking current performance against industry best practice and coding standards
Planning for the implementation of effective test strategies
Identifying opportunities to enhance existing performance
Other questions to ask during this initial kick-off period include what ‘success’ looks like, what the highest-priority areas for review are, and whether there are any known issues that need to be investigated. Together, these details will help shape the scope of your project, informing the number and type of codebases requiring review (for example backend vs frontend) as well as any additional dependencies that may need to be factored in.
2. Build valuable context
Once you understand what kind of code review you are conducting and why, it’s time to begin gathering information about the codebases you’ll be reviewing. Check whether there are any existing assets available that may provide valuable contextual information, such as:
Database schemas
Continuous integration setup
Build environment and deployment pipelines
Issue tracking systems
Uptime and performance reports
Bug reports
Statistics
Test plans
Consider too talking directly to the software development team working on the codebase, to understand current development practices and coding standards; team surveys and one-to-one interviews are helpful here.
3. Conduct static analysis
A key component in the code review process, static analysis is typically completed by a technical analyst who will employ a range of automated tools to rapidly assess the code against a series of industry-standard benchmarks. The most appropriate tools for your code review will depend on a number of factors including the languages and frameworks your software is based on, but some of the ones we use most often at Box UK are:
A checklist of areas to cover in your static analysis includes:
Code metrics
  Size
  Structure
  Complexity
  Repetition
  Coupling and cohesion
  Dependencies
  Use of library code vs custom
  Inheritance
  Maintainability
  Test coverage
Bugs
  Runtime errors
  Missing commands
  Incorrect syntax
  Logical inconsistencies
  Control flow issues
  Naming conventions not followed
Vulnerabilities
  Security violations, like nested passwords
  Weak cryptography algorithms
  Unauthorised access to sensitive data logs
  Shortcuts to high-level database settings
  Application backdoors
Coding standards
  Performance against industry standards and best practice
  Adherence to custom conventions and design patterns
  Clarity and intent of comments
  Use of version control
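As an added illustration (not Box UK’s tooling, and not a substitute for a full analyser), here is a minimal Python static-analysis pass over a constructed sample that covers three items from the checklist above: cyclomatic complexity per function (code metrics), embedded credentials and weak hash algorithms (vulnerabilities). The secret-name pattern, the weak-hash set and the branch node types are assumptions chosen for the example.

```python
import ast
import re
from dataclasses import dataclass, field

# Assumption: variable names that suggest an embedded credential.
SECRET_NAME = re.compile(r"(pass(word|wd)?|secret|token|api_?key)", re.I)
# Assumption: hash functions a reviewer would flag as weak cryptography.
WEAK_HASHES = {"md5", "sha1"}
# AST node types counted as decision points for cyclomatic complexity.
BRANCHES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.BoolOp, ast.IfExp)

@dataclass
class Report:
    complexity: dict = field(default_factory=dict)  # function name -> score
    findings: list = field(default_factory=list)    # (line number, message)

def _complexity(func: ast.AST) -> int:
    # 1 for the straight-line body, plus one per branch or boolean operator.
    return 1 + sum(isinstance(n, BRANCHES) for n in ast.walk(func))

def analyse(source: str) -> Report:
    """Parse Python source and collect metrics and vulnerability findings."""
    report = Report()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            report.complexity[node.name] = _complexity(node)
        elif isinstance(node, ast.Assign):
            # Embedded credential: NAME = "literal" where NAME looks secret-like.
            if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
                for tgt in node.targets:
                    if isinstance(tgt, ast.Name) and SECRET_NAME.search(tgt.id):
                        report.findings.append((node.lineno, f"hard-coded credential in '{tgt.id}'"))
        elif isinstance(node, ast.Call):
            # Weak cryptography: any call of the form module.md5(...) / module.sha1(...).
            f = node.func
            if isinstance(f, ast.Attribute) and f.attr in WEAK_HASHES:
                report.findings.append((node.lineno, f"weak hash algorithm '{f.attr}'"))
    return report

# Constructed sample input for the example; not taken from any real codebase.
SAMPLE = '''
import hashlib
DB_PASSWORD = "letmein"
def check(user, pw, attempts):
    if not user or not pw:
        return False
    digest = hashlib.sha1(pw.encode()).hexdigest()
    for _ in range(attempts):
        if digest == user.stored and attempts > 0:
            return True
    return False
'''
```

Running `analyse(SAMPLE)` reports a complexity of 6 for `check` and flags the credential on line 3 and the SHA-1 call on line 7, the kind of quantitative output the manual review in the next step then puts into context.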
4. Go beyond the code
To deliver a complete 360° view of your software systems, your static analysis should be complemented by a manual assessment of your code, typically conducted by a skilled senior software consultant.
Adding a human touch to your code review allows you to go beyond the quantitative detail of your code to look at your supporting software development processes and technology ecosystem, and typically covers areas such as:
Libraries and frameworks
  Patches
  Versions
  Long-term support
Design patterns and style guides
  Structure
  Classes
  Objects
  Behaviour
Test coverage
  Strategy
  Speed
  Coverage
  Evidence
  Structure
Maintainability
  Scalability
  Speed of development
  Onboarding of new team members
  Documentation
Security
  Authentication
  Authorisation
  Session management
  Data validation
  Error handling
  Logging
  Encryption
Additional areas
Depending on the agreed project scope, the human element of your code review may extend to business processes beyond the code itself, for example:
Architecture review
Agile working
User experience
Usability
Business case and vision
Backlog management processes
Team structure
Project governance
5. Make your findings count
Of course, your code review is only really valuable if it delivers actionable insight, so it’s important to clearly document your findings in a central report, repository or similar, which covers:
Codebases
  Does the report analyse all codebases identified in the tech terms of reference?
  Does it cover all relevant code and API dependencies?
Issues
  Does the report highlight all risks and issues identified by the code analysis? Has it excluded all bias? Are all findings from consultant research documented?
Recommendations
  Does the report address all risks and issues?
  Does it respond to initial technical and executive concerns? Does it relate to desired outcomes?
  Is there a roadmap for the way forward?
At Box UK we have extensive experience delivering this level of practical insight for a range of clients including Sodexo, Jaguar Land Rover and RS Components – supporting the creation of a business case for change, and creating a shared vision for the future that all stakeholders can work towards. Visit our Code Review service page to learn more about how we can help you get to grips with underperforming software, and if you’re interested in finding out more about the elements of an effective software review checklist and the outcomes it can deliver, download our white paper ‘Rescue or Replace – Can Your Ageing Software Platform Carry You Into The Future?’.
Nick Rowland
Head of System Engineering and QA
With 25 years of web development experience, Nick has worked with clients from startups to global financial firms. His expertise in application development, server infrastructure, and automation ensures he delivers optimal solutions tailored to client needs.