CRV2 CodeReviewTools
Overview
As discussed in the Code Review Guide, there are many reasons to automate the process of code reviews within an organization's SDLC practices. We won't review all those reasons here again, but we would like to share with the reader a list of tools, both commercial and open source. OWASP is vendor neutral; for that reason the text below is supplied by the vendors themselves unless otherwise stated. OWASP does not endorse commercial or open source tools outside of OWASP's own projects.
Commercial Code Review Tools
Crucible by Atlassian Software
Begin Atlassian supplied description of their Code Review tool
Crucible is Atlassian’s on-premises code review solution for enterprise teams. Crucible makes it easy to review code changes, make comments and record outcomes thoroughly and efficiently. It encourages developers to carry out more code reviews – improving code quality and fostering collaboration. It is code review made easy for Subversion, CVS, Perforce and other systems.
The flexible code review process allows you to configure your reviews based on workflows or participants. Whether used to perform ad-hoc reviews or in a formal process, Crucible removes the administrative overhead and enables distributive teams to work together. As reviews are inherently iterative, Crucible’s fully threaded comments let teams discuss code regardless of time and location and provide comments directly on specific source lines and files.
When using Crucible, individuals can create reviews directly from the command line, build quick reviews with cut-and-paste snippets and perform one-click reviews from changesets or issues. These reviews can be carried out before check-ins, ensuring the quality of code going into production. As files are always kept up-to-date, developers do not have to worry they are reviewing code that is outdated. With the added bonus of notifications & reminders, audit trails, and reports, Crucible is here to help you produce the best source code possible.