Daily code reviews are a characteristic shared by over half (53%) of software development teams according to SmartBear’s 2019 State of Code Review. They find, as one would expect, that more frequent code reviews have a direct correlation to higher-quality code. As their report goes on to say, “There is a compounding effect when you introduce all the benefits of code review into daily behavior. Communication improves, knowledge about the codebase is shared, and fewer bugs make it through development to QA.” However, 55% of software developers are not satisfied with their existing code review process. This warrants taking a look at best practices your team can use to get a higher return on your time with more effective code reviews.
Before you start…
All software development projects should start by clearly communicating the coding standard to all team members. Code reviews are your means to maintain and enforce that standard. If a software project involves developing or maintaining existing source code, your coding standard should define how it should be handled, too. You may be inheriting spaghetti-code or a big ball of mud from a previous developer, but fixing that may not be your team’s immediate priority.
Choose which metrics to track and include them in your reports. SmartBear indicates development teams that include this as part of their reporting process are 3.5 times more likely to be satisfied with their code reviews than those who don’t - 41% vs. 12%. Adopting software development analytics tools like Gitential to track critical metrics help to evaluate and accelerate the effectiveness of your QA processes.
Nine best practices for effective code reviews
Though it is “best practice” for everyone, regardless if they are senior developers and engineers to participate in code reviews, few have formal training in conducting them. Defining the code review process and standards is the first step.
But, what if your team hasn’t defined this a code review process or if your team is just starting up? It could be a good idea to get a copy of the Institute of Electrical and Electronics Engineers (IEEE) Standard for Software Reviews and Audits (IEEE 1028-2008). But, what if you don’t want to be that formal about it? The following best practices will go a long way toward bringing your team members to look forward to your code reviews, however often you conduct them.
Keep it manageable. Benchmarks for code reviews by IBM and Cisco strongly suggest limiting code reviews to 400 lines of code per hour to catch 70-90% of defects. Attention to detail naturally wanes over time.
Establish clear goals. Write a description of what the code change is about and provide everyone a checklist in advance with an email, handout, whiteboard, or other collaborative tools your team uses. This identifies what you intend to cover and can help keep everyone on task. Address non-related issues separately.
Prevent disruptive and toxic behavior. Include this as part of your checklist so everyone knows this upfront. You know your team members best, so if this is a regular occurrence, have a private talk with the likely offenders beforehand.
Consistent scheduling. Another best practice is to schedule code reviews the same time each day, or the same day and time each week. This helps to prevent scheduling conflicts arising with multiple team members.
Maximize participation. Take into account the size of your team and office. Engage to include everyone, even if it means having multiple meetings (led by different facilitators). Each meeting is best limited to 7-10 participants to provide everyone a chance to be involved. No one should be exempt, not even the most senior developers and engineers.
Code review tools. Make sure to use the best tools for code reviews for your project. Github has a totally awesome list of resources for code reviews including academic papers, articles, books, podcasts and other tools to help you out, too!
Automate what you can. Use automated code review and software development analytics like Gitential to accurately track your process improvement metrics.
Be constructive. You are reviewing the code, not the coder. It is a best practice to give praise when the code conforms to standards, point out when it doesn’t. Praise effective solutions, offer better solutions and alternatives when they’re suboptimal. Take a moment to explain code defects and how they may impact other parts of the code.
Records and reports. IEEE 1028-2008 provides a comprehensive list of everything that should be recorded. At a minimum, keep a record of everyone who participated in the code review, when it was conducted, and the reasons why. This should also include a detailed list of what was reviewed, and what the results were (number of defects found and fixed, new solutions adopted, and other remedial, post-review, efforts to be taken).
Cost and ROI of effective code reviews
If you’re curious about the cost of code reviews, there’s an app for that. Having a one hour code review daily equates to 253 hours per year. This correlates to a full college semester’s worth of OJT learning with the newest coding practices and tools. Many development teams use their code reviews for onboarding new team members and as a training tool. The relative ROI, however, can be gained only if you use software development analytics to track developer performance in conjunction with actively managing technical debt. Over time, you should realize fewer defects, lower code churn, and greater productivity. You’ll be able to predict work requirements more accurately, miss fewer deadlines, improve your team’s job satisfaction and reduce turnover. Gitential is an automated software development analytics tool that you can use with your code reviews. Give Gitential a try now - free, no credit card needed.
If you have spare time, Alejandro Lujan’s video provides a very good overview for software developers to do “Amazing Code Reviews: Creating a Superhero Collective” and was referenced in the betterDev Jan 27, 2020 newsletter.