Code reviews are important for everything from ensuring application security to reducing technical debt. However, code reviews can be quite time consuming. By using tools, you can reduce toil and automate some manual tasks, speeding up development.
Code review analytics is a great place to start. By understanding how your current code reviews perform, you can make decisions to optimize your workflow.
- ValueStream offers GitHub PR analytics
- GitLab recently added code review analytics as well
- SourceLevel offers PR analytics as well for gaining deeper insights
Automated security code reviews can not only improve code review time, but also consistently search your code for known security bugs. This can save a lot of manual time while also ensuring that common bugs are not overlooked.
- GitHub just announced CodeScanning, an automated security code review tool that works for both pushes and PRs.
- Codacy, an automated code review tool, will search search for security flaws in your code.
- Synk.io recently releases a free cheatsheet that makes it easy to search for security flaws in code reviews.
- SoftwareSecured.com also has a great security checklist for code reviews!
Code quality/technical debt
Searching for duplicated code, unused functions, and overcomplex code can often be automated. These tools will save you time and do a lot of this for you:
- Codacy does automated code quality reviews for PRs, including metrics to show how your code quality improves over time.
- SourceGraph makes it easier to visualize and understand your code in code review time.
- DeepSource (now free for private repos) also offers automated security analysis on code reviews in Python and Go.
Improve the manual review process
- CodeSteam makes it easy to request a code review at any point in the development cycle, right from your IDE.
- Phabricator, Facebook’s code review tool, adds a lot of features that GitHub PRs are lacking.
- SourceGraph’s GitHub Integration is a browser extension that adds enhanced discussion tools
- Github PRs for VS Code makes it easy to “checkout” a PR in VS Code and leave comments.
🤔 Are we missing something? Contact us
⚠ Disclaimer: I do contract social media work for CodeStream, which is included in this roundup.