Code Base Audit And Discovery | Revelry Labs

Code Audits and Software Product Roadmapping

The first step in building with a team is establishing a roadmap and guidelines for where a product and project stand. Get the roadmap you need for product development from a technical audit by the Revelry team.

Sync on a Code Review w/ the Revelry Team

Our team conducts a comprehensive review of applications, programming languages, frameworks, data storage, setup documentation, production documentation, server documentation, modules, files, source lines, comment lines, test infrastructure, deploy systems, and more.

This helps our team get a high-level overview, as well as a granular understanding of how the original dev team built the application.

Building a business takes an understanding of how a business runs, including its organizational issues and priorities.

During the discovery phase of a project, partners are run through a series of decision-making exercises and information discovery that lead to the full product detail and scope being uncovered. Discovery is a part of every product that leads to the development of a Roadmap during the Roadmap/Playbook portion of the product journey.

Quality Check – Code Linting

We deploy internal products that scan codebases to determine if they were built following best practices. While problem-solving methods are essential, so too is how the code is structured and written.

Recommendations From Experience

As experts at building digital products, we are opinionated on how work should be done. With every audit, we take time to identify significant issues but also small wins.

Dependency Analysis

What does this application rely on that is not under the control of the Original Dev Team? What services are being used to create the functionality of the application? These questions help identify the potential risks associated with the code.

Package Analysis

This is another point of inquiry on how the code was structured and where certain pieces of information are stored. This focuses on file structure and the interconnected nature of those folders.

Workflow Analysis

We review and create Business Process Model & Notation (BPMN) representations of the company systems or processes associated with the product and user experience models of how employees and consumers will use the new product. This is rooted in an effort to understand the core loop of functionality that provides value to users.

 

Staging Analysis

An essential part of production-grade software is the ability to test out new functionality. Staging sites enable this layer of quality assurance. We ensure that development pipelines are set up correctly to provide a testing environment.

Resourcing Guides

Based on the Partner's requests, priorities, and objectives, Revelry will present resourcing options that reflect potential impacts of team size and project length based on the Project discovery and prioritization.

Other Code Review and Audit Questions include:

  • How many applications is this?
  • What programming language(s) is this written in?
  • What data store(s), caches, and message buses does it use?
  • Is there documentation that explains how to set up the project?
  • Can the project be set up in one command?
  • Did it work the first time you tried?
  • Is there documentation that explains how to run the server after setup? Did it work the first time?
  • How many files are there?
  • How many “source” lines are there?
  • How many comment lines are there?
  • What’s the test coverage %?
  • Where are the project's servers hosted?
  • How is it deployed?

A Code Audit will generally include:

  • Executive Summary. This provides a very short overview of the entire code audit report. The partner should be able to read only this part and mostly understand the results and recommendations of the audit.
  • Scope of investigation. This explains the depth of coverage when doing the code review. This can include information on tech stack and architecture, compliance, security vulnerabilities, scalability and performance review, maintenance considerations, and overall code quality.
  • Findings. The documented information found during the code review process. This comprises the bulk of a code audit and includes information on all of the topics mentioned in the scope of investigation. These findings serve as the foundation for recommendations and future product roadmapping.
  • Key Risks. These are based on the findings in the key areas of security, scalability, architecture, and maintenance. The biggest risks are identified and documented as part of the code review and audit process.
  • Recommendations. The recommendations in the code audit are made by the experienced engineers conducting the audits. These recommendations can be used as building blocks towards a stronger product roadmap, strategy, and delivery playbook for building better software products for your business.
  • Conclusion. The review and recap of the information, as well as organized documentation towards a future product roadmap. At the conclusion of the code review and audit you will receive actionable takeaways towards building your product and reasonable expectations for the work that will need to be performed going forward.