Code Review Checklist Generator by Spectral Ops
Spectral offers one of the most comprehensive secret scanning solutions out there, [...] every facet of the build process. Whether it’s a static build, pre-commit to Git, or C[...] offers simple integration options that can be enhanced using plugins and hooks. In addition, Spectral scans Git repositories not just for configuration issues and se[...] code, but also for logs, binaries, and other data in the codebase which you may n[...] a potential leak source. The AI and Machine Learning algorithms used by Spectral technology ensure that detection rates increase and false positive rates decrease over time as more data is processed by the system.
Performance
Should the new code be profiled for performance?
Is there any logging or debugging code that should be removed?
Is caching used where applicable?
Are large assets compressed?
Is the correct data structure being used to store collections?
Is lazy loading, asynchronous loading or parallel processing used where appropriate?
SQL Databases
Is the most efficient data type used for the expected values?
Are queries returning unnecessary data that could be trimmed?
Are your queries sanitized against SQL injection?
Could a stored procedure be used instead of code?
Could the SQL query benefit from error handling?
Can performance be improved by indexing?
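As an added example (not part of the Spectral checklist itself), the SQL questions above applied to one small Python function over sqlite3: the first version splices user input into the query text and returns every column, the hardened version binds parameters, selects only the column it needs, and logs database errors instead of passing them up to the caller. The table, rows and function names are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger(__name__)

# Constructed sample rows for the example; not a real schema or real data.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com", "hash-a"),
    (2, "bob", "bob@example.com", "hash-b"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, "
        "email TEXT, pw_hash TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    # Lookups are by name, so index that column (the "indexing" question).
    conn.execute("CREATE INDEX idx_users_name ON users(name)")
    conn.commit()
    return conn


def email_for_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Pattern a reviewer should reject: input spliced into the SQL text, and
    SELECT * returning every column (including pw_hash) to the caller.
    A name containing a quote breaks the statement and the raw DB error,
    with the SQL fragment in it, propagates to whoever called this."""
    sql = f"SELECT * FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def email_for(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: parameter binding, only the needed column, and
    error handling that logs detail server-side but never leaks it."""
    try:
        cur = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
        return [row[0] for row in cur.fetchall()]
    except sqlite3.Error as exc:
        log.error("user lookup failed: %r", exc)  # detail stays in the log
        return []  # caller sees "not found", not the database's message
```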
Security
Has the code been scanned for secrets using a tool such as Spectral?
Do error messages give too much information to potential attackers?
Is user input validated?
Is user data such as passwords and credit card information properly stored?
Are authentication and authorization handled correctly?
Are XML documents validated against a schema?
Readability
Can variables, method names, or classes be renamed to improve readability?
Can the code's readability be improved by breaking up methods into smaller ones?
Is it easy to follow how changes to the data happen over time?
Are there unnecessary comments?
Should a comment explain why the code was designed the way it was?
Is there any commented out code? Can it be removed? If not, is there a comment as to why it is there?
Error Handling
Do errors adequately cover expected situations?
Is there catch-all error handling to prevent a complete crash?
Are there null checks where appropriate?
Are the correct web error codes used and interpreted?
Does the user receive appropriate error messages where applicable?
Are errors that are not shown to users logged with sufficient information?
UX/UI
Has the user journey changed? If so, does it still make sense?
Are UI elements accessible?
Are UI elements honest about what they do?
Does the UI maintain the brand image?
Is the UX good on a varied range of devices?
Is there a need for A/B testing?