What is GovCMS?
GovCMS is a whole-of-government open source web content management system designed by government for government and hosted on a secure public cloud.
Why you might need a code review
There are many reasons you might need a code review, such as:
Maintenance liability: Your code is poorly constructed and difficult to maintain and/or extend/enhance.
Undocumented: Your site and the code behind it have been built without any documentation and you need to understand how it's built for: BAU management, security reviews and patching, or undertaking enhancements.
Developers have moved on: Your developers (in-house or external vendors) have left and you need someone to review and understand/document your code.
Poor performance: Your site is performing poorly and a code review will help you identify bottlenecks/issues/pain-points and plan step-by-step resolution(s).
Deprecated code: Your site code needs an upgrade. Your site may have been built some time ago, and coding techniques and standards have since progressed, so new modules or functionality are not currently compatible.
Fragmented: Your site has been built function-by-function and so there is little overall cohesion and structure to the code causing potential instability or incompatibility with other modules or functions.
Security vulnerability: Your site has a security vulnerability and you need to review the code to identify any issues and establish an effective mitigation resolution/strategy.
Benefits of a code review
Benefits of a code review include:
Clean and best practice code, which leads to better site performance across a variety of areas.
Documented code to allow developers to understand the site design, architecture, and available functionality to allow and plan enhancements.
Performance following best practice coding and functional structures to create a faster, more efficient site for users.
Maintenance is manageable with a known codebase, ensuring security vulnerabilities are patched and improving the overall health of the system.
Compliance standards are being met such as WCAG compliance, DTA design systems and digital service standards (DSS).
Security risk profile is known and mitigation strategies are in place where required for cyber safety.
Engagement process
Our engagement process is outlined below:
Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high level project brief) reflecting basic requirements and/or project key business drivers.
Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.
Project setup
Environment setup and assessment tooling
Conduct code/module review
Produce code/module checklist report covering issues, criticality and recommendations
Produce optional cost estimates for remediation
Report handover and optional stakeholder presentation
Outputs
As part of the code review, you’ll receive:
Checklist report including criticality indicator for critical, high priority, medium priority and low priority findings
Issue identification and/or potential areas of attention
Recommendations and/or suggested remediations
High level costings on implementing suggested recommendations/remediations (optional)
Outcomes
The code review delivers:
Performance improvements with an efficient code base using clean and best practice coding standards to create a faster, more efficient site for users.
Roadmap for enhancements and continuous improvement with well-documented code for developers to plan enhancements with a good understanding of the site design, architecture, and current functionality.
Well-maintained and healthy system, kept robust against security vulnerabilities through regular patching for version and security updates.
Compliant, meeting or exceeding required compliance standards including WCAG AA, DTA design systems, and digital service standards (DSS).
Improved security with a known risk profile that includes mitigation strategies against potential cyber attacks.
Fixed price packages
Package | Simple | Intermediate | Complex |
Features | Up to 500 lines of code per module | Up to 2,000 lines of code per module | Up to 5,000 lines of code per module |
One-off setup | 6 hours @ $195 +GST = $1,170 +GST | 6 hours @ $195 +GST = $1,170 +GST | 6 hours @ $195 +GST = $1,170 +GST |
Code review | Up to 500 lines of code: 4 hours @ $195 +GST = $780 +GST per scripted module | Up to 2,000 lines of code: 16 hours @ $195 +GST = $3,120 +GST per scripted module | Up to 5,000 lines of code: 40 hours @ $195 +GST = $7,800 +GST per scripted module |
Total hours | 10 | 22 | 46 |
Total cost | $1,950 +GST | $4,290 +GST | $8,970 +GST |
What you get
Our code review packages provide you with a report that identifies all the code issues and gives you recommendations and costings to fix them.
You’ll also have access to:
The digital agency that’s the official service provider of the entire GovCMS platform and program
A highly qualified and experienced digital agency that has delivered over 30 GovCMS projects since 2015
GovCMS product and project delivery specialists with extensive experience in code review, covering both frontend and backend development
GovCMS technical solution architect to provide a high level of technical governance and oversight to your project
Our team goes through your code focusing on:
How well-organised and structured is the code?
Are Drupal coding standards being followed?
Is the Drupal API being used according to best practices (i.e. avoiding querying the database directly)?
The use of JavaScript and CSS libraries, well-formed markup (W3C validator) and accessibility (WCAG 2.0 AA).
Is PHP logic used appropriately in template files?
Reviewing audit log files (Drupal watchdog, Apache and PHP logs) for compromised code that leaves warnings and notices.
The assessment includes:
Coding standard compliance check
Code security check for vulnerabilities
Coding patterns
Code performance analysis
Business logic validation check
Cross-browser checks for client-side business logic
Module/code testing in test environment