by Phil Miller
In our previous post we talked about the importance of code reviews and went over a set of best practices for them. If you haven’t read that yet, please go back and start there. We’ll wait :)
Now, building on our shared understanding of what makes a good code review, we can all agree that, at its core, a review comprises a set of proposed changes (most likely git commits) and some supporting context (project management tickets, docs, design assets, etc). This review exists in your source control tool of choice, in the form of a pull/merge request (PR or MR). It will most likely include some form of workflow (e.g. approvals), CI/CD (e.g. automated preview deployments), and some facility for comments and linking of related assets.
This PR workflow allows for improved code quality and maintainability through peer review in addition to the added benefit of organizational knowledge sharing.
Let’s look at how this is accomplished on:
- Azure DevOps
Additionally, we’ll look at some tools which can work as standalones or as add-ons to these platforms.
Github - the popular choice
Github is an immensely popular choice for good reason. What started as the modern go-to platform for hosted git repositories, both open-and-closed source, has grown into a full service development platform which includes things like: package hosting, security scanning, dev environments, AI assistants, project planning, and discussion boards.
Code review method: Pull Request
- Comments - reviewers can comment on code diffs in rich text
- Suggested changes - reviewers can suggest updates to the code in context as they review
Bitbucket - collaboration for those in the Atlassian ecosystem
If you work with JIRA, then Bitbucket is really a no-brainer when it comes to tight integration with your source control. This is made even more compelling when you consider powerful features like Pipelines and a host of available integrations and reporting.
Code review method: Bitbucket Code Review pull request
- Native JIRA integration - all of your context available right in the review, including the ability to create and assign new tickets
- Top level tasks - assignable tasks in todo lists
- Many available via Atlassian Cloud
Azure DevOps: Microsoft’s unified suite
If you’re in the Azure ecosystem, Azure DevOps is a compelling choice. It offers unlimited private git repos (Repos), CI/CD (Pipelines and Artifacts), project planning (Boards), and even advanced security from its GitHub sibling.
Code review method: Repos pull request
- Unlimited private repos
- Semantic code search
- A comprehensive set available via Marketplace Extensions
Gitlab: Open source and fully featured
What was once considered the de-facto open source alternative to GitHub has grown into the open-core DevSecOps platform. Featuring everything you would expect from similar platforms (CI/CD, project management, security, compliance), they also have impressive AI features (GitLab Duo).
Code review method: Merge request
- Extensive list of things like Issue trackers, Security, and CI
- Infrastructure agnostic CI/CD
Beyond source control
Now that you have a sense of the available tooling in your platform of choice, let’s look at a few other tools that could potentially level up your code reviews.
Atlassian’s standalone review tool Crucible is worth considering if you are using non-git source control (e.g. SVG, CVS, Mercurial, Perforce) or your organization has a mix of different types of repos. It includes the features you would expect like reviews and reporting. Also, because it’s from Atlassian it will work well with Bitbucket and JIRA.
Another option that’s been around for over 17 years (!) is Review Board. It should work with virtually any type of SCM, and it’s trusted by some of the biggest companies in the world. In addition to code review it also allows for Image and Document review, and it’s free and open source.
Gerrit is an open-source code review and project management tool that can trace its lineage back through several similar tools from Google. If you’re self-hosting your git repos and you want a (relatively) lightweight tool, then definitely give Gerrit a look. It has a notable feature in its handling of `git amend`.
if you’re the type of person that lives in your IDE (in this case it has to be JetBrains, VS Code, or Visual Studio), then definitely check out New Relic CodeStream. It allows you to review Pull Requests and see comments from previously merged PRs in the context of the code itself. Some other novel features include: Feedback Requests (basically lightweight PRs), Code Discussion (via Slack, MS Teams, or Email), Issue Management (JIRA, Trello, Github, etc), and, of course, tight integration with New Relic’s observability platform.
One of my most exciting new developments in code review tooling is the explosion of AI-based solutions. Korbit AI Mentor securely reviews your code and helps with things like: critical bugs, performance optimization, security vulnerabilities, and coding standards. It will respond to comments, suggest replacement code, and even provide exercises to upskill your engineers! It also provides insights via its Mentor dashboard to help with project planning and team performance.
That should give you a bird’s eye view of the code review tooling landscape. There’s a vast array of software available to anyone looking for a good place to start, or even those organizations looking to take their software development and code review to the next level.
In our next series of posts we’ll dive into the specifics of how to pick the right tool for your organization, as well as detailed best practices for each of the popular platforms.
In the meantime, if you want to level up your team and do better code reviews with AI, please check out the Korbit AI Mentor and let us know what you think. We value your feedback!