Code Reviewer Spotlight: Fahad Zafar

Before working at Google and Amazon, Fahad Zafar points to code review from senior software engineers as the key tool that helped him grow as a developer. Now, as one of the thousands of reviewers at PullRequest, Fahad seeks to pay it forward by helping development teams improve code quality through code review.

While PullRequest reviewers come from diverse backgrounds, some common themes across reviewers include a passion for improving code quality, and a strong desire to help developers build better software. We interviewed our top reviewers and asked them the following seven questions:

By Brennan Angel

Code Reviewer Spotlight: Dylan Drop

A good code review process can be the fastest feedback loop for developers to receive actionable feedback from senior software engineers. PullRequest reviewer Dylan Drop also sees code review through the lens of mentorship, and emphasizes that developers and reviewers share a common goal of delivering high-quality code.

Our Code Reviewer Spotlight is an ongoing series of interviews so you can get to know our top reviewers. Learn more about Dylan’s drive for continuous learning through code review below:

By Brennan Angel

5 Steps to Create an Effective Code Review Culture

Anyone on a development team who contributes to a software project expects some sort of a code review process. The vast majority of engineering leads will tell you code review is important. The team will have a code review process set up that everyone is encouraged or required to follow.

The only problem? You’re more likely to get the standard “Looks good to me!” (a.k.a. “lgtm”) and approval, without any substantive feedback. It’s a missed opportunity for you to learn from others and to improve your code. The team also misses out on the many ways code review makes your dev team better.

By Brennan Angel

Seven Habits for a More Toxic Code Review Culture

Please don’t practice any of the following “advice.” From junior developer to CTO of a Fortune 500, we’re all guilty of making mistakes within development. We’ve picked the worst examples we’ve seen around code review and pulled them together into one terrible, awful reviewer:

Look — I get it. You’ve done everything you could to ensure that no one would ever ask you to do a code review, but they’ve gone and promoted you anyhow. Now you have a whole team to bring down with you, down to the depths of a toxic code review culture.

This won’t be easy — making enemies never is — but if you follow these seven highly effective habits, no one on your team will even think about submitting a pull request. And less pushes means less work. Win-win.

By Lyal Avery

The Most Overlooked Server Permission Checks

After reviewing the code for hundreds of backend server applications, we’ve seen some recurring permissions issues. Below we’ll break down what are the most common problems and how to address them.

We previously looked at common server authentication issues we see in code review and offered tips to avoid them. If you followed these suggestions, you should have improved your server authentication techniques and can assure all your incoming requests have a validated user attached.

By Tyler Mann