
CRV2 CodeReviewTools

From OWASP
Revision as of 17:10, 22 February 2015 by Gary David Robinson



Overview

As discussed in the Code Review Guide, there are many reasons to automate the code review process within an organization's SDLC practices. We won't review all of those reasons again here, but we would like to share with the reader a list of tools, both commercial and open source. OWASP is vendor neutral; for that reason, the text below is supplied by the vendors themselves unless otherwise stated. OWASP does not endorse commercial or open source tools outside of OWASP's own projects.

Commercial Code Review Tools

Crucible by Atlassian Software

Begin Atlassian supplied description of their Code Review tool

Crucible is Atlassian’s on-premises code review solution for enterprise teams. Crucible makes it easy to review code changes, make comments and record outcomes thoroughly and efficiently. It encourages developers to carry out more code reviews – improving code quality and fostering collaboration. It is code review made easy for Subversion, CVS, Perforce and other systems.

The flexible code review process allows you to configure your reviews based on workflows or participants. Whether used to perform ad-hoc reviews or in a formal process, Crucible removes the administrative overhead and enables distributive teams to work together. As reviews are inherently iterative, Crucible’s fully threaded comments let teams discuss code regardless of time and location and provide comments directly on specific source lines and files.

When using Crucible, individuals can create reviews directly from the command line, build quick reviews with cut-and-paste snippets and perform one-click reviews from changesets or issues. These reviews can be carried out before check-ins, ensuring the quality of code going into production. As files are always kept up-to-date, developers do not have to worry they are reviewing code that is outdated. With the added bonus of notifications & reminders, audit trails, and reports, Crucible is here to help you produce the best source code possible.

End Atlassian supplied description of their Code Review tool

ReviewBoard by reviewboard.org

Begin ReviewBoard description by Gary Robinson

ReviewBoard is a freely available (MIT license) open source tool supporting many of the review functions required for all sizes of projects, from small team projects to large company repositories. The ReviewBoard server is cross platform (runs on Python) and supports SVN, CVS, Git and Perforce repositories, as well as integrating with your company's LDAP infrastructure to control authenticated users. It allows code diffs to be submitted pre-commit and post-commit, with facilities for coder documentation/annotation and integration with bug tracking software (e.g. Bugzilla) to allow reviewers to have more context during the review. Code reviewers can collaborate in two ways: reviewers' comments are displayed in-line in a diff view of the code via the web interface, and are sent via e-mail to the code submitter and other reviewers. ReviewBoard also offers to host a review tool in the cloud for a fee.

End ReviewBoard description by Gary David Robinson