Rootstrap Blog

Code audits

For many projects, clients hire us to only run code audits. In other cases, we inherit legacy code, and going through a code audit is a requirement for working with us.

With time and repeated experience, we refined and strategized our audit process. It’s now a distinct work product that we offer to clients on its own.

Why do we do it? Accountability!

As said, we often get projects that were created by other teams — sometimes in-house techs and sometimes offshore providers. In these cases, clients ask us to just take over the work or to only fix the problems. But we don’t work like that.

The reality is that whenever we work on any project, we’re accountable for it in its entirety. We take over responsibility for the soundness of the technology, even if someone else built it. That means we dig deep into existing architecture to make sure it’s done right. Even when clients only ask for limited work on existing platforms, we know they expect a high-quality final product. We hold ourselves to high standards that meet their expectations and ours.

In-depth understanding

Before we write a single line of code, we need to know what we’re working on. We don’t get started until we fully understand the project’s architecture in its current form. Then we assess what needs to be done to fix bugs and meet our clients’ requirements. Our team of experts makes sure your platforms and apps don’t just get the job done. We provide the latest, cutting-edge technology, so you get the best possible software products and services.

Some of the questions we ask

We begin work on your project by asking these questions and more:

  • Are there any built-in tests in this project? Examples are hardware tests for RAM, security pen tests, and software quality assurance tests. What specific aspects of the project do the tests cover?
  • Are any static analysis tools being used to identify code constructions known to cause software errors? Are any code smell detectors integrated to spot symptoms of deeper problems?
  • Has this project had an orderly development process with a meaningful, documented history on GitHub? If it has code reviews, are they positive?
  • Does the technology do the work it was built for? And if it does, is it efficient, cost-effective, and scalable?
  • Are there any load tests built into the project determine maximum operating capacity and expected system behavior? Based on those tests, where is app’s the breaking point?
  • Is this project in sound enough condition to keep the existing code and architecture? Or do we recommend building it from scratch?
  • What’s the best investment of our time and resources to fit the clients’ business needs?

Our standards

At Rootstrap, our code quality and architecture standards are extremely high. We continuously improve and polish our processes and quality requirements. Our results reflect the knowledge and skill built through many years of learning, growing, and refusing to settle for less.

Our Code Audit Process

Our thorough code audit takes about one week and has several phases:

1. Introduction

We start by meeting with you to identify key business goals and document the an agreed-upon process that we’ll follow. We learn and work with your entity’s specific needs. For example, startups and SMBs don’t have the same business goals as an enterprise-grade software company.

2. Software architecture assessment

We review the project’s code and analyze how it’s organized from a high-level perspective. We document all its moving parts. Examples are frontends and backends, containers, data planes, certificates, and drivers. Then we provide general insights on the health and functionality of the code and the network architecture platform that it creates.

3. Static code analysis

We test each component in the project with a set of static analysis tools. We check for code duplication, security problems, cyclomatic complexity, and other issues. The toolset depends on the code’s programming languages. Some tool examples are CodeClimate, Pylint, CSSLint, RailsBestPractices, Reek, Rubocop, and ESLint.

4. Manual inspection

The human factor is of utmost importance in a manual inspection. For each language or component, our expert senior developers analyze the project’s code and document their findings. The previous code analysis step can partly guide this inspection. But the subjective conclusions of a knowledgeable, highly trained professionals are key. During this inspection, we also analyze database design, data structure, and test coverage.

5. Infrastructure and scalability

We check for potential bottlenecks in the code. These blocking sources can combine with weak or flawed infrastructure to cause scalability or other problems with system function.

6. Process

We look closely at the data repository. What process was followed to create the code? What code, performance, and security testing practices were implemented? What level of automation was built into the project?

7. Action items

Last, but not least important, we propose action items for the project. Sometimes, we recommend refactors or changes, so we can take over the code confidently. We’ll implement these changes, but we make it clear that we only do feature revision, not development. At other times, we determine that the best solution is to rewrite the code from scratch. Unfortunately, it’s common to find that things weren’t done right the first time.

Last, but not least important, we propose action items for the project. Sometimes, we recommend refactors or changes, so we can take over the code confidently. We’ll implement these changes, but we make it clear that we only do feature revision, not development. At other times, we determine that the best solution is to rewrite the code from scratch. Unfortunately, it’s common to find that things weren’t done right the first time.

Accepting the outcome

At times, it can be hard for clients to accept the outcomes of our audit process. Some clients don’t want to hear that their project needs a complete overhaul. These clients might even find another tech service company that says the code is good enough, and they’ll take over the project and work with its existing platform.

But at Rootstrap, we aren’t “yes men.” We’ll never take over projects that need extensive work and then only apply quick-fix “band-aids” that keep you struggling with bugs forever. That’s why we created a work process that includes in-depth analysis and a detailed action plan to repair and upgrade your project permanently.

Our pledge to you

If you work with us, radical transparency and problem surfacing is our only path. You might not like the idea of investing even more into a project that you’ve already put a lot into. But the alternative of not fixing what’s broken will likely lead to more technical debt and possibly devastating effects on your company’s financial health. We want you to avoid that outcome by providing state-of-the-art technology to keep your business performing at its highest potential.

*If you are the owner of a digital platform and would like to discuss the challenges you face on a technical level, contact us here. Alternatively, you can reach out to anthony@rootstrap.com.

1 Comment

  1. Charles Hazelwood

    August 2, 2020 - 5:28 pm
    Reply

    I can’t connect to my applications

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.