Code Review in 2022: Everyone Can Do Better
March 07, 2022

Noel Wurst
SmartBear

As the debate rages on within companies of all sizes on who should "own" software quality, and at what stage(s) of the SDLC should testing be performed, an interesting finding popped up in the most recent SmartBear State of Software Quality | Code Review report. Close to 800 participants in the survey — nearly 80% of which define their roles as either developers, architects, or systems engineers — stated that code review is the number one thing a company can do to improve code quality.


In looking at a previous years' findings, code review also took the top spot in 2020, but it was in a sharp decline from its highest-ever spot in 2019. At the same time, unit testing, which has come in second place each year, was on a sharp upswing in 2020's report, nearly tying code review for the top ranking. However, in 2021, code review is trending upward again, while unit testing is headed in the opposite direction.

No matter which of the two that respondents believe is the best contributor to overall code quality, code review and unit testing enable issues to be spotted and remediated early in the development lifecycle. When performed together — it should never be an "either/or" decision—these two can prevent higher costs to repair, greater threats to scheduled release dates, or bugs slipping through to production and being found by your customers.

As to how often code review sessions are being performed, and how often they perhaps should be performed (though, there is no "one size fits all" for anything in software development), more than 70% of respondents reported that they participate in code review on a weekly basis. At the same time, respondents were asked if they're satisfied with their team's current code review processes. Forty-three percent reported being satisfied, and 11% were very satisfied.

Personally, I'd love to speak with some of the 28%, a pretty large percentage, who reported being simply "neutral" about the code review processes currently being conducted by their teams. Questions like:

Does your whole team share this feeling?

What would make your team more satisfied with more code review frequency?

Moving from ad-hoc to tool-based?

What benefits, not just to your code, but what benefits are you receiving from your code review sessions?

What are you learning?"

Speaking of the learning opportunities available within code review sessions, I was thrilled to see that 82% of respondents (54% agree/28% strongly agree) don't just learn, but learn often, and learn from the other people, not just from the evolutions of their code. Improvements to software quality will likely always be the most important benefit of code review to most developers (90% said so), but 75% rated knowledge sharing highly, 61% said it helps with mentoring new developers, and 52% recognized code review's contribution toward increased collaboration. I love all of these responses.

The invaluable learning that can take place during code review sessions is immensely important to never lose sight of. As teams make knowledge sharing an even greater priority, I think, and hope, we'll see those who "strongly agree" with being satisfied with their current code review processes take up a lot more of the pie than it does today. And to the 11% who are highly satisfied today, congratulations! Now it's time to help others feel the same way.

Noel Wurst is Software Quality Evangelist at SmartBear
Share this

Industry News

December 06, 2022

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of Argo, which will join other graduated projects such as Kubernetes, Prometheus, and Envoy.

December 06, 2022

Wib announced API PenTesting-as-a-Service (PTaaS) designed to help organizations proactively cover the latest PCI-DSS 4.0 mandates for testing application security, APIs, and vulnerabilities in Business Logic.

December 05, 2022

Harness announced Harness Cluster Orchestrator to allow customers to optimize their Kubernetes cloud workload costs and realize up to 90% cloud cost savings with Amazon Elastic Compute Cloud (Amazon EC2) Spot instances from Amazon Web Services (AWS).

December 01, 2022

Salesforce introduced a new Automation Everywhere Bundle to accelerate end-to-end workflow orchestration, automate across any system, and embed data and AI-driven workflows anywhere.

December 01, 2022

Weaveworks announced that Flux, the original GitOps project, has graduated in the Cloud Native Computing Foundation (CNCF®).

December 01, 2022

Tigera announced enhancements to its cluster mesh capabilities for managing multi-cluster environments with Calico.

December 01, 2022

CloudBees achieved the Amazon Web Service (AWS) Service Ready Program for Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances.

November 30, 2022

GitLab announced the limited availability of GitLab Dedicated, a new way to use GitLab - as a single-tenant software as a service (SaaS) solution.

November 30, 2022

Red Hat announced an expansion of its open solutions publicly available in AWS Marketplace.

November 30, 2022

Sisense announced the availability of the Sisense CI/CD Git integration module.

November 29, 2022

Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.

November 29, 2022

Code Intelligence announced its open-source Command-Line Interface (CLI) tool, CI Fuzz CLI, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale.

November 29, 2022

Parasoft announced the 2022.2 release of Parasoft C/C++test with support for MISRA C:2012 Amendment 3 and a draft version of MISRA C++ 202x.

November 28, 2022

Kasm Technologies announced the release of Kasm Workspaces v1.12, providing major enhancements to its portfolio of digital workspaces delivering Desktop as a Service (DaaS), Virtualized Desktop Infrastructure (VDI), Remote Browser Isolation (RBI), Open-Source Intelligence Collection (OSINT), Training/Sandboxes, and Containerized Application Streaming (CAS).

November 28, 2022

Cloud4C has achieved Amazon Web Services (AWS) DevOps Competency status.