Code Review

August 17, 2018

Seven Habits for a More Toxic Code Review Culture

Please don’t practice any of the following “advice.” From junior developer to CTO of a Fortune 500, we’re all guilty of making mistakes within development. We’ve picked the worst examples we’ve seen around code review and pulled them together into one terrible, awful reviewer:

Look — I get it. You’ve done everything you could to ensure that no one would ever ask you to do a code review, but they’ve gone and promoted you anyhow. Now you have a whole team to bring down with you, down to the depths of a toxic code review culture.

This won’t be easy — making enemies never is — but if you follow these seven highly effective habits, no one on your team will even think about submitting a pull request. And fewer pushes mean less work. Win-win.

Lyal Avery

August 17, 2018

The Most Overlooked Server Permission Checks

After reviewing the code for hundreds of backend server applications, we’ve seen some recurring permissions issues. Below we’ll break down the most common problems and how to address them.

We previously looked at common server authentication issues we see in code review and offered tips to avoid them. If you followed these suggestions, you should have improved your server authentication techniques and can ensure that all your incoming requests have a validated user attached.

Tyler Mann

August 10, 2018

Pesky Server Auth Issues We’ve Found

For backend server applications, getting authentication right for your APIs is a critical component for ensuring the security of your service. It’s also one of the most common API security issues we notice.

Almost all popular web frameworks these days have a built-in concept of authentication that you can use to protect your routes and require a user to be logged in to access them.

Tyler Mann

April 7, 2018

3 Principles to Get Your Pull Request Reviewed Faster

How long does it take you and your team to get a pull request reviewed, accepted, and merged? How long should it take?

In my experience, the turnaround time a pull request takes to get through code review ranged from minutes to days. I’ve even had PRs sit for weeks waiting for code review. There are a few fundamentals I’ve learned that can help you get your code reviewed quickly and improve your pull request turnaround time.

Tyler Mann

January 9, 2018

3 Ways Code Review Makes Your Dev Team Better

These three benefits of establishing a healthy code review process can help development teams write better code and do it more efficiently:

Improve readability and maintainability

With the exception of solo engineers working on their own projects, most software is a collaboration built by teams of people working together. As development teams grow, oftentimes the developer now assigned to maintaining a feature isn’t the same person who originally wrote it.

Code review is the best opportunity to get feedback on the readability of your code from another engineer. In addition to checking for quality and performant code, a good review process encourages teams to optimize code for readability.

Tyler Mann