What is a code review?
Code review is a software quality assurance process, whereby code changes are methodically assessed to identify bugs and increase code quality.
Note
Reviews are managed through pull requests. Consult Microsoft Learn for more information about conducting code reviews with Azure DevOps.
Benefits of code reviews
- Maintain compliance: code reviews help team members adhere to the same coding standards and compliance rules.
- Discover bugs earlier: code reviews enable teams to identify and fix problems before customers ever see them. Moving the review process earlier in the development lifecycle shortens the feedback time, thus reducing the cost of fixing an issue.
- Enhance security: code reviews help detect security issues and ensure compliance. While reviewing the code, team members can look for vulnerabilities and security threats.
- Share knowledge: code reviews help share knowledge in the team. Junior developers can learn from more senior team members. Spreading knowledge across the team also ensures that no person is a single point of failure. It supports a healthier work-life balance too: team members can take vacations because others have background knowledge on a topic.
- Improve code quality: static code analysis and unit tests are a great help in improving the overall quality of code. However, a human being can notice code quality issues that automated tools may miss. Code reviews even help with reducing potential technical debt.
Recommended code review approaches
Pair programming
It involves two developers collaborating in real time. One writes the code and one reviews the code. It is an effective technique as team members share knowledge and can quickly overcome difficulties by working through ideas together.
Pros
- Knowledge sharing in real time
- Prevents miscommunication
- Solves complex problems
- Increases collaboration in team
- Identifies more bugs
- Immediate feedback
Cons
- Time-consuming
- Budget impact
Over-the-shoulder
Similarly to pair programming, it involves two team members. The author explains the change and offers reasoning for the chosen solution. The reviewer asks questions and makes suggestions. Small fixes can be done during the review session and larger fixes at a later time.
Pros
- Cheaper than pair programming in terms of time
- Prevents miscommunication
- Fast feedback
Cons
- Reviewer is detached from code
Tool-assisted
Tools can help save time, as the changes to be reviewed are gathered automatically and the differences are displayed in an easy-to-read format. Feedback can be provided via comments, and team members can hold conversation threads around each piece of feedback. Tool-assisted reviews also make it possible to incorporate automated checks that identify compliance issues and vulnerabilities, which speeds up the review process.
Pros
- Automated tooling speeds up the process
Cons
- Slower feedback cycle
- Tools must be maintained
Best practices
- Choose the review approach that fits best: There is no one-size-fits-all approach to conducting code reviews. Find the right balance between the above-mentioned approaches while reviewing changes. Use tools to help with the review process, but do not underestimate the value of real-time or near-real-time collaboration, especially for solving complex problems.
- Include everyone: Code reviews are an excellent way to help new or junior team members get up to speed with the code base. Including everyone in the code review process shares knowledge, which makes it easier to adjust when people go on vacation or are no longer on the team.
- Distribute code reviews amongst the team: distributing code reviews amongst the team members spreads the domain and background knowledge evenly, which reduces the risk of a single point of failure.
- Ask questions and provide context: code review helps everyone involved to learn. Ask if you are not sure why something is implemented in a certain way. Offer suggestions on how to improve the code and the solution, and give proper reasoning for them.