Culture of no Code Review
Posted by zayelion@reddit | ExperiencedDevs | 18 comments
I can't tell if I'm just in a strange place or what. I've not seen this in my over a decade of work. The powers that be are working using an engineering methodology where the code itself is not reviewed. You are given a task, you branch, work on it, then deploy it to a test server. It is QA'd by the team and if it passes then it's merged. Then after that it just goes to production.
I'm curious if anyone else has ever worked with a team that does not do standard code reviews. There is very intense manual QA, but that's it. I'm not sure if the team is just high trust or immature. Given my position, I can only educate those around me very slowly due to the team's intense ego and face-saving culture.
Big-Elderberry-5118@reddit
I'm facing the same issue, previously we had rubber stamp code reviews with not many experts available to check the code. Now suddenly the culture has changed and senior guys are reviewing my code and giving a lot of comments. I'm just stuck now thinking of quitting my job and getting into a new place knowing my flaws and trying to work my way up. I can't deliver at the same pace I was expected to due to the change in review process (btw the change is good and I get to learn a lot more things but I can't deliver on time for sure as I'm not used to this).
Affectionate_Gur7095@reddit
lol r u saying u can't take feedback to improve your code?
InternetAnima@reddit
I'd honestly be terrified to work without code reviews
Blazing1@reddit
.... how? I don't really understand that
InternetAnima@reddit
It would be the wild west pretty much. Everyone doing whatever they want without chance to slow down. How do you avoid code quality going to shit?
Blazing1@reddit
By splitting based on lines of business. You are responsible for your line of business. As an enterprise dev you work on many projects.
cscqtwy@reddit
This works great if you know no one will ever leave the company and dump their disastrous code on you. Or simply go on vacation when someone happens to need a change in their part.
Blazing1@reddit
If someone can't be trusted to write and review their own code they shouldn't be employed.
Unless you're working with react, then I say I'm really sorry.
cscqtwy@reddit
"No one should ever employ juniors" is a take, I guess. Also "everyone we hire must be perfect and exactly on the same page without any coordination".
deleted_by_reddit@reddit
[deleted]
InternetAnima@reddit
Wow I am so sorry for your code base. Unreviewed code by people that are still in college?
Blazing1@reddit
They follow a pretty strict code convention. There's nothing they can do really. I have automated testing including penetration testing, SAST, DAST, etc.
Every completed story is reviewed via QA utilizing X-ray. The students talk to the standard developers on the team for help as well.
Security vulnerabilities are reported by Checkmarx where they then have to prove to the security team the piece of code is safe.
It's a system that has worked very well for my case.
AdministrationWaste7@reddit
How do any of these ensure they follow a "strict code convention"?
Like in theory I could write code in a single line and pass these.
Like do you use something like SonarQube?
Blazing1@reddit
Yup like that. Plus I even use stuff like IBM AppScan.
The application is heavily sandboxed within the icn, meaning it can't connect to anything internally besides what's on the cluster. I have to explicitly request firewall rules through a formal process, which no one else is allowed to do.
To me at this point reviewing their code is like saying I should review someone's Power BI report.
AdministrationWaste7@reddit
I'm still kinda lost.
None of the apps you listed replace the benefit of code reviews.
Code reviews exist to help ensure that code someone writes is readable, maintainable and aligns with the rest of the system.
Secondary benefits include being able to share knowledge and mentorship.
It's not about finding holes in code. In fact by the time I get a code review I expect code to be functional at a bare minimum and typically utilize a plethora of automated tests to ensure it.
So that's great that you ensure your code isn't causing security issues. But what does that have to do with code reviews?
Like do you guys just write a bunch of simple 1 liners or is it just copy and paste code that it's impossible to create spaghetti code or something?
Like not even SonarQube is good enough to replace solid code review practices since it misses a lot of "soft" stuff.
Blazing1@reddit
Finding defects is literally a part of code reviews.
Bonus-Representative@reddit
Trying to find defects ... Not always succeeding. At best a code review is a partially effective mitigation.
Blazing1@reddit
yeah but it shouldn't be management heavy