What to look for in code review tools

Get an assist from tools

The most common assisted code review tools aim to improve developer collaboration, targeting peer review. Team collaboration tools can improve communication during development and integrate the code review as a stage in the process, not one that requires extra time and effort. Teams can improve code quality with simple collaboration via project management tools like Basecamp, code repository systems like Git, and issue-tracking tools like Atlassian Jira.

Many code review tools support one or more models of cooperative or collaborative review. To get this capability, evaluate products such as SmartBear's Collaborator and Devart's Review Assistant, or open source options like Codestriker or Gerrit.

Tools can also enforce workflows. Workflow enforcement tools define process-person relationships, and then ensure that necessary exchanges occur. Corporate compliance strategies often involve workflow enforcement, and this practice extends to development to help meet mandatory governance or regulatory frameworks.

Workflow enforcement vendors include popular options such as Integrify, Kissflow and Pipefy, but organizations can also formalize workflows with a combination of interactive development tools and collaboration tools.

Another broadly useful class of code review tools focuses on component, data structure and API management. These tools detect changes and track dependencies in the software, including places where the data structures are published for use by other applications.

Teams can track changes to code, data structures and API specifications that are stored in a version-controlled repository, and assess how those changes affect other systems and components. Integrated development environments include features to handle overall management of APIs, data structures and code dependencies, as long as there's a reference state and development practices are enforced. All popular IDEs have that capability, as do tools that manage the data, code and APIs. Teams that take this approach aim to create a single source of truth -- all the code and all the code's history -- in the repository.

Automate, enforce your standards

With automated code review, rather than assisted review, teams apply static code analysis to assess whether developers adhered to established practices. Don't think of automated code review as a speed round of debugging. These tools don't debug the code; rather, they enforce the organization's specific standards for coding. It's essential to have a comprehensive toolkit that handles most of the code review practices covered here, because compliance standards are highly specialized and might change often within an organization.

The baseline for automated code review is control over the pull-and-commit process associated with the code repository. Automated code review tools analyze the code for common errors and even violations of popular practices. There are many tools available, including several dozen open source options. Commercial products include Codacy, Code Climate and codebeat. Whatever your choice, keep in mind that true automated code analysis will likely have some programming language limitations; many tools work for one language alone.

You can't spell quality without AI

Many development managers see AI as the next frontier of automated code review. AI-based tools, according to many users, come close to matching properly managed formal code review, in rapid development timeframes. Some proponents even think that AI code review is better than formal peer review, as it handles more problems and review factors.

Tools in the AI-based automated code review space include AI Reviewer, DeepCode, Facebook's SapFix and Microsoft's IntelliCode. Some products base their analyses on practices adopted in large public Git repository-hosted projects, so it's important to look at programming language issues. For example, AI Reviewer is specific to the C++ language, at time of publication.

AI tools get the most attention in the automated code review tools marketplace. However, organizations can struggle to use these tools when they already have another toolkit to support a different code review model. Look at the benefits of a new tool alongside the barriers to rapid adoption and acceptance. Make sure you can realize the benefits of what AI offers to code review processes before you commit to it. Otherwise, ease your way into AI features through static code analysis tools.