There are few things more core to the modern business than coding. KPMG predicts that going forward 80 per cent of new revenue growth will come from digital opportunities, and embracing DevOps will sit at the centre of that activity.
For DevOps to be successful, however, the team needs to work securely and according to agile best practice. For that reason, code review needs to be baked into everything that they do.
What is code review?
Code review generally occurs at the start and end of any coding activity, and involves the members within the development team taking sections of code that they didn’t work on themselves, and checking it against a number of criteria, which can include (but isn’t limited to):
- Are there logic errors in the code?
- Are all the requirements of the code implemented in full?
- Are there any security vulnerabilities, or malicious code?
- Does the code fit with existing style guidelines?
Traditionally this has been a manual process, and it is potentially time consuming. However, there are now tools that bring automation to the code review process. A DevOps team that is particularly concerned about security, for example, might leverage some automated tools to help the team check the open source dependencies, container images, and infrastructure as code configuration.
The benefits of code review
- Modern development is about being iterative and agile, and having code reviews a formalised part of the process before and after a coding project is a good way of ensuring that projects remain on-track and compliant at every stage of development.
- Code review also allows DevOps to embrace open source. Open source comes with a host of benefits of its own – it offers pre-built solutions to problems and allows the DevOps team to focus on customisation and competitive differentiation. However, open source can also introduce vulnerabilities into the environment if they’re not caught, and can therefore be seen as being high risk. Any organisation that seeks to leverage open source will need to have a robust code review process in place.
- There are soft benefits to code review too. For example, code review can be an excellent way of getting a new developer or engineer up to speed on the application environment quickly. Reviewing existing code first allows the newcomer to become accustomed to the environment before they try to add to it.
- Code review can also prevent delays to projects. Say a developer needs to suddenly take some time off. Rather than need to wait for the developer to return to pick up on their work, through the code review process, a colleague will understand that developer’s work, and will be able to step in.
- Finally, the earlier issues are found in code, the cheaper they are to address. If there is a security vulnerability in a piece of code, for example, detecting it right at the start of the project is going to make it cheaper and easier to address than discovering it later, in testing, when there are already multiple integrations and APIs, and capabilities to untangle.
With the right tools and a formalised process, a code review before and after the application development process is the most efficient and agile way with which to deliver well-founded, risk-free software back to the enterprise. Most importantly, however, it’s also the most secure way to undertake ongoing and iterative software development, and keep a tight lock on the code so that vulnerabilities aren’t introduced into the environment and then left unnoticed until it’s too late.
Speak to Protectera to discuss the right tools and best practices to build a code review strategy