Code review

What is GovCMS?

GovCMS is a whole-of-government open source web content management system designed by government for government and hosted on a secure public cloud. Find out more about GovCMS

Why you might need a code review

There are many reasons you might need a code review, such as:

• Maintenance liability: Your code is poorly constructed and difficult to maintain and/or extend/enhance.

• Undocumented: Your site and the code behind it has been built without any documentation and you need to understand how it's built for: BAU management, security reviews and patching, or undertaking enhancements.

• Developers have moved on: Your developers (in-house or external vendors) have left and you need someone to review and understand/document your code.

• Poor performance: Your site is performing poorly and a code review will help you identify bottlenecks/issues/pain-points and plan step-by-step resolution(s).

• Deprecated code: Your site code needs an upgrade, your site may have been built some time ago and coding techniques and standards have progressed, so new modules or functionality are not currently compatible.

• Fragmented: Your site has been built function-by-function and so there is little overall cohesion and structure to the code causing potential instability or incompatibility with other modules or functions.

• Security vulnerability: Your site has a security vulnerability and you need to review the code to identify any issues and establish an effective mitigation resolution/strategy.

Benefits of a code review

Benefits of a code review include:

• Clean and best practice code, which leads to better site performance across a variety of areas.

• Documented code to allow developers to understand the site design, architecture, and available functionality to allow and plan enhancements.

• Performance following best practice coding and functional structures to create a faster more efficient site for users

• Maintenance is manageable with a known codebase to ensure security vulnerabilities are patched and improved overall health of the system.

• Compliance standards are being met such as WCAG compliance, DTA design systems and digital service standards (DSS).

• Security risk profile is known and mitigation strategies in place where required for cyber safety.

Engagement process

Our engagement process is outlined below:

1. Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high level project brief) reflecting basic requirements and/or project key business drivers.

2. Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.

3. Project setup

4. Environment setup and assessment tooling

5. Conduct code/module review

6. Produce code/module checklist report covering issues, criticality and recommendations

7. Produce optional cost estimates for remediation

8. Report handover and optional stakeholder presentation

Outputs

As part of the code review, you’ll receive:

1. Checklist report including criticality indicator for critical, high priority, medium priority and low priority findings

2. Issue identification and/or potential areas of attention

3. Recommendations and/or suggested remediations

4. High level costings on implementing suggested recommendations/remediations (optional)

Outcomes

The code review delivers:

• Performance improvements with an efficient code base using clean and best practice coding standards to create a faster, more efficient site for users.

• Roadmap for enhancements and continuous improvement with well-documented code for developers to plan enhancements with a good understanding of the site design, architecture, and current functionality.

• Well-maintained and healthy system, robust from security vulnerabilities being regularly patched for version and security updates.

• Compliant, meeting or exceeding required compliance standards including WCAG AA, DTA design systems, and digital service standards (DSS).

• Improved security with a known risk profile that addresses and contains mitigation strategies against potential cyber attacks.

Fixed price packages

What you get

Our code review packages provide you with a report that identifies all the code issues and gives you recommendations and costings to fix them.

You’ll also have access to:

• The digital agency that’s the official service provider of the entire GovCMS platform and program

• A highly qualified and experienced digital agency that has delivered over 30 GovCMS projects since 2015

• GovCMS product and project delivery specialists with extensive experience in code review, covering both frontend and backend development

• GovCMS technical solution architect to provide a high level of technical governance and oversight to your project

Our team goes through your code focusing on:

• How well-organised and structured is the code?

• Are Drupal coding standards being followed?

• Is the Drupal API being used according to best practices (i.e. avoiding querying directly to the database)?

• The use of Javascript and CSS libraries, well-formed markup (W3C validator) and accessibility (WCAG 2.0 AA).

• Is the right use of PHP logic adopted in template files?

• Reviewing audit log files (Drupal watchdog, Apache and PHP logs) for compromised code that leaves warnings and notices.

The assessment includes:

1. Coding standard compliance check

2. Code security check for vulnerabilities

3. Coding patterns

4. Code performance analysis

5. Business logic validation check

6. Cross-browser checks for client-side business logic

7. Module/code testing in test environment

Other GovCMS services

Salsa’s other fixed price GovCMS services include:

	Website assessments and advisory services Make an informed decision on whether GovCMS is right for you.
	Website rehosting and installation Migrate your Drupal site onto a resilient, secure, monitored and fully managed public cloud platform backed by a 99.95% uptime SLA.
	GovCMS theme development and enhancement services Theme your GovCMS Drupal site to represent your agency’s brand and visual look and feel
	Content migration and consolidation Migrate your proprietary and/or legacy site onto Drupal GovCMS backed by a resilient, secure, monitored and fully managed public cloud platform with a 99.95% uptime SLA.
	Site audits and technical reviews Site audits and technical reviews help you identify any problems in your site, including security and performance issues.
	Theme review Make sure your site is accessible by all users and optimised to be viewed on different devices and internet browsers.
	Ongoing GovCMS application support Whether you’re on GovCMS SaaS or PaaS, ongoing GovCMS application support ensures the application layer for your website continues to remain secure and up-to-date (PaaS only), while also allowing you to build new enhancements and ad-hoc features.
	User testing Salsa provides user testing packages across visitor experience, content author experience, and user acceptance testing (UAT).
	GovCMS out-of-the-box Build and host a new site quickly on a resilient, secure, monitored and fully managed public cloud platform backed by a 99.95% uptime SLA, leveraging GovCMS’s ‘out-of-the-box’ features.

Back to all fixed price GovCMS services