Code Review

September 20, 2018

5 Steps to Create an Effective Code Review Culture

Anyone on a development team who contributes to a software project expects some sort of a code review process. The vast majority of engineering leads will tell you code review is important. The team will have a code review process set up that everyone is encouraged or required to follow.

The only problem? You’re more likely to get the standard “Looks good to me!” (a.k.a. “lgtm”) and approval, without any substantive feedback. It’s a missed opportunity for you to learn from others and to improve your code. The team also misses out on the many ways code review makes your dev team better.

Brennan Angel

August 17, 2018

Seven Habits for a More Toxic Code Review Culture

Please don’t practice any of the following “advice.” From junior developer to CTO of a Fortune 500, we’re all guilty of making mistakes within development. We’ve picked the worst examples we’ve seen around code review and pulled them together into one terrible, awful reviewer:

Look — I get it. You’ve done everything you could to ensure that no one would ever ask you to do a code review, but they’ve gone and promoted you anyhow. Now you have a whole team to bring down with you, down to the depths of a toxic code review culture.

This won’t be easy — making enemies never is — but if you follow these seven highly effective habits, no one on your team will even think about submitting a pull request. And less pushes means less work. Win-win.

Lyal Avery

August 17, 2018

The Most Overlooked Server Permission Checks

After reviewing the code for hundreds of backend server applications, we’ve seen some recurring permissions issues. Below we’ll break down the most common problems and how to address them.

We previously looked at common server authentication issues we see in code review and offered tips to avoid them. If you followed these suggestions, you should have improved your server authentication techniques and can ensure that all your incoming requests have a validated user attached.

Tyler Mann

August 10, 2018

Pesky Server Auth Issues We’ve Found

For backend server applications, getting authentication right for your APIs is a critical component for ensuring the security of your service. It’s also one of the most common API security issues we notice.

Almost all popular web frameworks these days have a built-in concept of authentication that you can use to protect your routes and require a user to be logged in to access them.

Tyler Mann

April 7, 2018

3 Principles to Get Your Pull Request Reviewed Faster

How long does it take you and your team to get a pull request reviewed, accepted, and merged? How long should it take?

In my experience, the turnaround time a pull request takes to get through code review ranged from minutes to days. I’ve even had PRs sit for weeks waiting for code review. There are a few fundamentals I’ve learned that can help you get your code reviewed quickly and improve your pull request turnaround time.

Tyler Mann