Contact us
First Floor, 159 Victoria Pde
Collingwood, VIC 3066
(Google Map)
1300 727 952
or
+61 3 9910 4099
Code review
Optimise your site/module code to follow best practice to improve stability, performance, security and maintainability. Salsa’s code review services take a deep dive into the code behind your site to ensure it’s optimised and follows Drupal/GovCMS best practice.
What is GovCMS?
GovCMS is a whole-of-government open source web content management system designed by government for government and hosted on a secure public cloud. Find out more about GovCMS
Why you might need a code review
There are many reasons you might need a code review, such as:
-
Maintenance liability: Your code is poorly constructed and difficult to maintain and/or extend/enhance.
-
Undocumented: Your site and the code behind it has been built without any documentation and you need to understand how it's built for: BAU management, security reviews and patching, or undertaking enhancements.
-
Developers have moved on: Your developers (in-house or external vendors) have left and you need someone to review and understand/document your code.
-
Poor performance: Your site is performing poorly and a code review will help you identify bottlenecks/issues/pain-points and plan step-by-step resolution(s).
-
Deprecated code: Your site code needs an upgrade, your site may have been built some time ago and coding techniques and standards have progressed, so new modules or functionality are not currently compatible.
-
Fragmented: Your site has been built function-by-function and so there is little overall cohesion and structure to the code causing potential instability or incompatibility with other modules or functions.
-
Security vulnerability: Your site has a security vulnerability and you need to review the code to identify any issues and establish an effective mitigation resolution/strategy.
Benefits of a code review
Benefits of a code review include:
-
Clean and best practice code, which leads to better site performance across a variety of areas.
-
Documented code to allow developers to understand the site design, architecture, and available functionality to allow and plan enhancements.
-
Performance following best practice coding and functional structures to create a faster more efficient site for users
-
Maintenance is manageable with a known codebase to ensure security vulnerabilities are patched and improved overall health of the system.
-
Compliance standards are being met such as WCAG compliance, DTA design systems and digital service standards (DSS).
-
Security risk profile is known and mitigation strategies in place where required for cyber safety.
Engagement process
Our engagement process is outlined below:
-
Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high level project brief) reflecting basic requirements and/or project key business drivers.
-
Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.
-
Project setup
-
Environment setup and assessment tooling
-
Conduct code/module review
-
Produce code/module checklist report covering issues, criticality and recommendations
-
Produce optional cost estimates for remediation
-
Report handover and optional stakeholder presentation
Outputs
As part of the code review, you’ll receive:
-
Checklist report including criticality indicator for critical, high priority, medium priority and low priority findings
-
Issue identification and/or potential areas of attention
-
Recommendations and/or suggested remediations
-
High level costings on implementing suggested recommendations/remediations (optional)
Outcomes
The code review delivers:
-
Performance improvements with an efficient code base using clean and best practice coding standards to create a faster, more efficient site for users.
-
Roadmap for enhancements and continuous improvement with well-documented code for developers to plan enhancements with a good understanding of the site design, architecture, and current functionality.
-
Well-maintained and healthy system, robust from security vulnerabilities being regularly patched for version and security updates.
-
Compliant, meeting or exceeding required compliance standards including WCAG AA, DTA design systems, and digital service standards (DSS).
-
Improved security with a known risk profile that addresses and contains mitigation strategies against potential cyber attacks.
Fixed price packages
Simple |
Intermediate |
Complex |
|
Features |
Up to 500 lines of code per module |
Up to 2,000 lines of code per module |
Up to 5,000 lines of code per module |
One-off setup |
6 hours @ $195 +GST $1,170 +GST |
||
Code review |
Up to 500 lines of code:
4 hours @ $195 +GST
$780 +GST per scripted module |
Up to 2,000 lines of code:
16 hours @ $195 +GST
$3,120 +GST per scripted module |
Up to 5,000 lines of code:
40 hours @ $195 +GST
$7,800 +GST per scripted module |
Total hours |
10 |
22 |
46 |
Total cost |
$1,950 + GST |
$4,290 + GST |
$8,970 + GST |
What you get
Our code review packages provide you with a report that identifies all the code issues and gives you recommendations and costings to fix them.
You’ll also have access to:
-
The digital agency that’s the official service provider of the entire GovCMS platform and program
-
A highly qualified and experienced digital agency that has delivered over 30 GovCMS projects since 2015
-
GovCMS product and project delivery specialists with extensive experience in code review, covering both frontend and backend development
-
GovCMS technical solution architect to provide a high level of technical governance and oversight to your project
Our team goes through your code focusing on:
-
How well-organised and structured is the code?
-
Are Drupal coding standards being followed?
-
Is the Drupal API being used according to best practices (i.e. avoiding querying directly to the database)?
-
The use of Javascript and CSS libraries, well-formed markup (W3C validator) and accessibility (WCAG 2.0 AA).
-
Is the right use of PHP logic adopted in template files?
-
Reviewing audit log files (Drupal watchdog, Apache and PHP logs) for compromised code that leaves warnings and notices.
The assessment includes:
-
Coding standard compliance check
-
Code security check for vulnerabilities
-
Coding patterns
-
Code performance analysis
-
Business logic validation check
-
Cross-browser checks for client-side business logic
-
Module/code testing in test environment
Related news
Salsa Digital Drupal Development Best Practices Guide
Our Drupal Development Best Practices Guide is a technical white paper that provides detailed insights into creating and developing enterprise-grade Drupal projects.
ReadBest practice for custom requirements
Often when looking at open source options like Drupal, GovCMS or CKAN, the core modules don’t meet all your requirements. So what’s the best practice for implementing your required functionality?
ReadDeveloper experience
Developer experience and codebase control are essential elements for any digital project. Salsa projects are built on standardised and proven development processes and tools. This delivers rapid deployments, greater predictability, reduced risk of regression errors and overall developer confidence and happiness.
ReadWeb applications security #1
This three-part blog series reviews and discusses the security of web applications. This first blog examines a secure process.
ReadWeb applications security # 2 — Five steps to maintain passive security
This three-part blog series reviews and discusses the security of web applications. This blog looks at how to protect your web application from a variety of web-based attacks through passive security.
ReadSecurity at every level
Our three-part blog series reviews and discusses the security of web applications. This third and final blog in the series looks at how to protect your web application from a variety of web-based attacks through active security.
ReadDrupal Installation Profile and Distributions
Drupal developer? Make your life easier and use Drupal Distributions!
ReadHow to improve website accessibility
Site accessibility is an important feature of any website, to make sure everyone can access your site. Below are some important accessibility issues to think about and some tips. The W3C’s Web Content Accessibility Guidelines (WCAG) provide an excellent standard, as does the DTA’s Digital Service Standard.
ReadOther GovCMS services
Salsa’s other fixed price GovCMS services include:
Website assessments and advisory services Make an informed decision on whether GovCMS is right for you. |
|
Website rehosting and installation Migrate your Drupal site onto a resilient, secure, monitored and fully managed public cloud platform backed by a 99.95% uptime SLA. |
|
GovCMS theme development and enhancement services Theme your GovCMS Drupal site to represent your agency’s brand and visual look and feel |
|
Content migration and consolidation Migrate your proprietary and/or legacy site onto Drupal GovCMS backed by a resilient, secure, monitored and fully managed public cloud platform with a 99.95% uptime SLA. |
|
Site audits and technical reviews Site audits and technical reviews help you identify any problems in your site, including security and performance issues. |
|
Make sure your site is accessible by all users and optimised to be viewed on different devices and internet browsers. |
|
Ongoing GovCMS application support Whether you’re on GovCMS SaaS or PaaS, ongoing GovCMS application support ensures the application layer for your website continues to remain secure and up-to-date (PaaS only), while also allowing you to build new enhancements and ad-hoc features. |
|
Salsa provides user testing packages across visitor experience, content author experience, and user acceptance testing (UAT). |
|
Build and host a new site quickly on a resilient, secure, monitored and fully managed public cloud platform backed by a 99.95% uptime SLA, leveraging GovCMS’s ‘out-of-the-box’ features. |
Use the form below or call us on 1300 727 952 for an obligation-free chat about your agency’s GovCMS needs.