While I have always been a staunch supporter of free and open-source apps, it's hard to manually review the code of every app, and I often turn to code review tools instead.
These tools help you quickly spot poor programming habits, fundamental changes in a feature, high-risk components, security bugs, etc. Moreover, these tools often have GUI-based indicators, which make the findings easy to understand without expertise in the programming language in question. That said, not all code review apps are made equal. So, here are the best code review tools for both individuals and enterprises.
Best Code Review Tools
1. Gerrit
Gerrit is a web-based code review tool developed by Google, and it needs a JDK on the host to run. It works in sync with GitHub. So, before you push the code into production, it goes through Gerrit, where your peers can review the code. Gerrit supports pushing a project via git commands over SSH or HTTPS. For instance, if you want to upload your project to Gerrit for review, you can push over SSH to your Gerrit server with "git push" to upload your repositories to Gerrit.
Gerrit also offers a set of plugins, like CodeMirror and a Phabricator integration, to link it with other code review tools and add extra functionality.
Download Gerrit
2. RhodeCode
RhodeCode is another peer code review tool like Gerrit that works in sync with GitHub. However, it also integrates well with Mercurial and Subversion. In comparison to Gerrit, it provides a richer and much more intuitive interface. You can comment inline and make changes to the code through the RhodeCode web interface itself. Unlike Gerrit's plugins, RhodeCode provides a JSON-RPC API for you to build third-party tools against it. My favorite feature is the visual changelog, which provides a bird's-eye view of the development changes and helps to keep track of them.
In addition to this, you also get security features like repository rule notifications, which inform the admin about suspicious activity in the repo. You can also limit access to the repo to certain IP ranges.
Download RhodeCode
3. Find Security Bugs
Find Security Bugs is, despite the name, not a standalone tool but a plugin for the SpotBugs static analyzer (the successor of FindBugs). SpotBugs itself flags bad code practices, correctness issues, performance bottlenecks, dodgy code, multithreaded correctness problems, etc., and the plugin adds the security-specific detectors. The plugin is published to the Maven Central repository. If you use an IDE, it can also be used locally in conjunction with NetBeans, Eclipse, IntelliJ, Jenkins, and SonarQube. For instance, I was using Eclipse. On the Eclipse Marketplace, it's available under the name "SpotBugs". So, the installation process was fairly easy and straightforward.
The only caveat with SpotBugs is that it only works with Java code and Java EE applications; it analyzes compiled bytecode, so the project has to build before it can be scanned.
Supported languages: Java, Java EE
Download Find Security Bugs
4. SearchDiggity
SearchDiggity is a project that unifies popular hacking tools like GoogleDiggity, BingDiggity, SHODAN Diggity, FlashDiggity, etc. It's mostly a tool to security-test your web app or application server from the outside. It uses the Google, Bing, and SHODAN search engines to find what an attacker could discover about your website or server without touching it directly. It combines regular expressions with search queries to find leaked data. For instance, SearchDiggity can check whether your AWS keys are exposed in plain text or whether your website's login page looks prone to SQL injection.
It's a must-have if your web server handles a huge amount of web traffic and hosts a lot of data.
In case you get the "Google Bot Detected, pausing scan for 15 mins" error, you can switch SearchDiggity to use the official paid APIs provided by Google, Bing, and SHODAN under Help > Content.
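SearchDiggity can only find keys that have already leaked into a search index. The same plaintext-AWS-key check is worth running locally against config files before they ever reach a web root. The script below is an added example, not SearchDiggity's code: the two regexes and the sample config are constructed here, and the key values are the placeholder examples from AWS's own documentation, not real credentials.

```python
"""Local plaintext AWS credential check (added example; not SearchDiggity code)."""
import re
from dataclasses import dataclass
from typing import List

# AWS access key IDs are 20 chars starting with AKIA (long-lived) or ASIA (temporary).
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret keys are 40 chars of the base64 alphabet. On their own that matches far too
# much, so require a labelled assignment (aws_secret_access_key = ...) to cut noise.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    redacted: str  # never log or display the full value


def redact(value: str) -> str:
    """Keep the first and last four characters so a finding can be matched to a key."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text: str) -> List[Finding]:
    """Return every access key ID and labelled secret key found, with line numbers."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "aws_access_key_id", redact(match.group(0))))
        for match in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "aws_secret_access_key", redact(match.group(1))))
    return findings


def has_plaintext_credentials(text: str) -> bool:
    return bool(scan_text(text))


# Constructed sample config. The key values are AWS's documented placeholders, not real keys.
SAMPLE_CONFIG = """\
# constructed sample config (not real credentials)
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
db_password = hunter2
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_CONFIG):
        print(f"line {finding.line_no}: {finding.kind} {finding.redacted}")
```

Point it at a directory of config files (an `.env`, `~/.aws/credentials` checked into a repo, a `settings.py`) and anything it reports should be rotated, not just removed, since a key that has been committed once should be treated as leaked. The secret-key pattern deliberately requires the label; a bare 40-character base64 match fires on hashes and tokens constantly.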
Download SearchDiggity
5. Phabricator
Phabricator is a suite of free web-based code review tools. It's a LAMP (Linux, Apache, MySQL, PHP) application written in PHP and is more of an auditing and collaboration tool, like GitHub.
You can try out Phabricator before installing it on your LAMP server: it has a hosted web instance called Phacility. You can sync your GitHub or SVN code repositories to this instance directly. The most important tool in Phabricator is Differential. It works much like pull requests on GitHub. Once a change is submitted for review, it notifies all the reviewers to look at the change. It presents a thorough run-down of the changes and the code. After approval, the change is accepted and can be pushed into production.
Supported linguistic communication : NA
6. MS Application Inspector
Microsoft recently launched its code review tool called Application Inspector. As per Microsoft, this tool was built to analyze open-source software and summarize, in a nutshell, what the code and its libraries do. In order to use Application Inspector, you have to install the "dotnet-sdk" package. It outputs the report as an HTML file. I tried it on the Nylas mail app, and the report summary is fairly concise.
The display is well broken down and categorizes the software features, protocols used, APIs called, etc. For instance, in terms of data storage, Nylas mail uses SQL and a bit of NoSQL for the PubSub cloud messaging service. I just have to click on Data Storage and the "View" button beside Details. It'll show you the associated rules on the right and, upon clicking on one, you get the matching code in a pop-up. It's fairly easy and quick to jump in and review code.
Supported languages: C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell, (API) AWS, Azure.
Download MS Application Inspector
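The categories in that report come from rule files: each rule is a pattern plus a dotted tag, and a match on a source line attaches the tag to the project. The Python below is an added example of that mechanism, not Application Inspector's code or its rule set; the tag names, the regexes and the sample source file are all constructed here to mirror the SQL/NoSQL/PubSub breakdown described above, and real Application Inspector rules are JSON files with far more patterns per tag.

```python
"""Rule-driven feature tagging in the style of Application Inspector (added example)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed rules: (tag, pattern). Tag names and patterns are illustrative, not the
# tool's own rules. Each rule is tested per line so a hit can be shown with its source.
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("Data.Storage.SQL", re.compile(r"\bSELECT\b.+\bFROM\b|\bINSERT\s+INTO\b|\bsqlite3\.connect\(", re.I)),
    ("Data.Storage.NoSQL", re.compile(r"\bMongoClient\(|\bredis\.Redis\(")),
    ("Net.Protocol.HTTP", re.compile(r"\bhttps?://|\brequests\.(?:get|post)\(|\burlopen\(")),
    ("Cloud.Messaging.PubSub", re.compile(r"\bpubsub_v1\.|\bPublisherClient\(|\bSubscriberClient\(")),
    # A security-relevant tag: weak hash primitives surface as a category in their own right.
    ("Cryptography.Hash.Weak", re.compile(r"\bhashlib\.(?:md5|sha1)\(")),
]

Hits = Dict[str, List[Tuple[int, str]]]


def tag_source(source: str, rules=RULES) -> Hits:
    """Map each tag to the (line number, stripped line) pairs that triggered it."""
    hits: Hits = defaultdict(list)
    for line_no, line in enumerate(source.splitlines(), start=1):
        for tag, pattern in rules:
            if pattern.search(line):
                hits[tag].append((line_no, line.strip()))
    return dict(hits)


def summarize(hits: Hits) -> List[str]:
    """The top-level feature list of a report: sorted tags with hit counts."""
    return [f"{tag} ({len(lines)})" for tag, lines in sorted(hits.items())]


# Constructed sample source file; nothing here is taken from the Nylas code base.
SAMPLE_SOURCE = """\
import hashlib
import sqlite3
import requests
from pymongo import MongoClient
from google.cloud import pubsub_v1

def load_user(db, name):
    cur = db.cursor()
    return cur.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchone()

def events_collection():
    return MongoClient("mongodb://localhost:27017")["mail"]["events"]

def fetch_profile(user_id):
    return requests.get("https://api.example.com/profile/" + str(user_id)).json()

def publish(event):
    client = pubsub_v1.PublisherClient()
    client.publish("projects/demo/topics/events", event.encode())

def fingerprint(blob):
    return hashlib.md5(blob).hexdigest()
"""

if __name__ == "__main__":
    report = tag_source(SAMPLE_SOURCE)
    for entry in summarize(report):
        print(entry)
    for tag, lines in sorted(report.items()):
        for line_no, text in lines:
            print(f"  {tag}: line {line_no}: {text}")
```

The value of this layout for review is the same as in the HTML report: you start from the category (where is data stored, what leaves over the network, which hash is in use) and drill down to the exact line, rather than reading the whole tree. Note that tagging is evidence of presence, not of correctness; the `SELECT` hit above is a parameterized query and needs no fix, which only a look at the line tells you.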
Closing Words