Source code quality audit


We perform quality audits for SaaS and Web applications, with source code review in Java, C#, Ruby and Python.

The aim of a source code audit is to check whether a solution follows the best practices and professional standards accepted and adopted by professionals creating similar solutions.

During the audit we look for potential sources of problems in at least the following areas:

  • The quality and reliability of the production process
  • The complexity of the application object model
  • The maintainability and general quality of the code - e.g. its readability
  • The degree of resistance to changes and refactoring - whether new versions of the system will break as a result of changes
  • The quality of automated tests - their scope and coverage
  • The quality of the preparation process of the binary and its reliability - automation and ability to deliver quality packages over time

These areas, and the potential problems that may occur in them, should be known to professional development teams. We check whether quality is built in from the ground up throughout the solution, from the source code up to the binary package delivery.

As a result, we prepare an audit report which contains:

  • A description of the risks associated with improper preparation of the solution in these areas;
  • Information about all the places that have passed the audit with negative results;
  • Information on selected and relevant solution portions that have passed the audit with a positive result, and
  • The conclusions of the assessment.

During the audit we review the code. Evaluation of the code quality and of the degree of compliance with standards and professional practices is subjective, supported by our 10 years of experience in the construction of information systems in different technologies.

Following the review, we assess the security of the solution in general and recommend what to change, how to improve the quality, and which defects should be corrected before the solution goes live. We also show the risks of deploying the solution without changes.