Submit Search
Upload
The Testers' Secret Weapon - Code Reviews
•
0 likes
•
2 views
Bertold Kolics
Follow
Presentation slides from HUSTEF '2023.
Read less
Read more
Software
Report
Share
Report
Share
1 of 26
Download now
Download to read offline
Recommended
A Tester's Life
A Tester's Life
Bertold Kolics
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
DevDay.org
ASPgems company profile
ASPgems company profile
Agustin Cuenca
Building Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software Engineering
Muhammad Shehata
Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...
Agustin Benito Bethencourt
Software Project management
Software Project management
sameer farooq
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
p6academy
Introduction to Software Engineering
Introduction to Software Engineering
SADEED AMEEN
Recommended
A Tester's Life
A Tester's Life
Bertold Kolics
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
[DevDay2018] Embrace the challenge – working as a developer in Content Manage...
DevDay.org
ASPgems company profile
ASPgems company profile
Agustin Cuenca
Building Sustainable Software: An Introduction to Software Engineering
Building Sustainable Software: An Introduction to Software Engineering
Muhammad Shehata
Moving towards a more efficient and flexible delivery model in automotive env...
Moving towards a more efficient and flexible delivery model in automotive env...
Agustin Benito Bethencourt
Software Project management
Software Project management
sameer farooq
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
Multi project security exception reports - Oracle Primavera P6 Collaborate 14
p6academy
Introduction to Software Engineering
Introduction to Software Engineering
SADEED AMEEN
Defensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
Bertold Kolics
From class to architecture
From class to architecture
Marcin Hawraniak
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
Moss Drake
Info dev flexibility in agile
Info dev flexibility in agile
Alyssa Fox
Agile process
Agile process
SatishreddyMandadi
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
Jitendra Bafna
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon
The tester's dilemmas
The tester's dilemmas
SQALab
Legacy code development and maintenance
Legacy code development and maintenance
Denis Kondratenko
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
Xebia India
Architecture in action 01
Architecture in action 01
Krishna Sankar
Pull requests do's and don'ts
Pull requests do's and don'ts
Arie Bregman
Software Engineering Primer
Software Engineering Primer
Georg Buske
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
Ryo Jin
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
IRJET Journal
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
ssuser2cde60
PROCESS MODELS.ppt
PROCESS MODELS.ppt
DrTThendralCompSci
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
Particular Software
8220 sad inquiry
8220 sad inquiry
bbass03
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
elham706227
Taskfile - makefiles are fun again
Taskfile - makefiles are fun again
Bertold Kolics
Email privacy
Email privacy
Bertold Kolics
More Related Content
Similar to The Testers' Secret Weapon - Code Reviews
Defensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
Bertold Kolics
From class to architecture
From class to architecture
Marcin Hawraniak
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
Moss Drake
Info dev flexibility in agile
Info dev flexibility in agile
Alyssa Fox
Agile process
Agile process
SatishreddyMandadi
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
Jitendra Bafna
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon
The tester's dilemmas
The tester's dilemmas
SQALab
Legacy code development and maintenance
Legacy code development and maintenance
Denis Kondratenko
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
Xebia India
Architecture in action 01
Architecture in action 01
Krishna Sankar
Pull requests do's and don'ts
Pull requests do's and don'ts
Arie Bregman
Software Engineering Primer
Software Engineering Primer
Georg Buske
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
Ryo Jin
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
IRJET Journal
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
ssuser2cde60
PROCESS MODELS.ppt
PROCESS MODELS.ppt
DrTThendralCompSci
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
Particular Software
8220 sad inquiry
8220 sad inquiry
bbass03
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
elham706227
Similar to The Testers' Secret Weapon - Code Reviews
(20)
Defensive API programming techniques for Gophers
Defensive API programming techniques for Gophers
From class to architecture
From class to architecture
Technical Practices for Agile Engineering - PNSQC 2019
Technical Practices for Agile Engineering - PNSQC 2019
Info dev flexibility in agile
Info dev flexibility in agile
Agile process
Agile process
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
MuleSoft Surat Virtual Meetup#17 - Automated Code Review
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell
The tester's dilemmas
The tester's dilemmas
Legacy code development and maintenance
Legacy code development and maintenance
Prashant technical practices-tdd for xebia event
Prashant technical practices-tdd for xebia event
Architecture in action 01
Architecture in action 01
Pull requests do's and don'ts
Pull requests do's and don'ts
Software Engineering Primer
Software Engineering Primer
Open Governance for Tizen 3.0
Open Governance for Tizen 3.0
Design and Development of Hybrid Storage Shelf
Design and Development of Hybrid Storage Shelf
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
Hindu guid3 hwige owhop euueye uwowiei huideeh hwiw
PROCESS MODELS.ppt
PROCESS MODELS.ppt
Tales from the trenches creating complex distributed systems
Tales from the trenches creating complex distributed systems
8220 sad inquiry
8220 sad inquiry
Lecture 02 - Development Methodologies.pptx
Lecture 02 - Development Methodologies.pptx
More from Bertold Kolics
Taskfile - makefiles are fun again
Taskfile - makefiles are fun again
Bertold Kolics
Email privacy
Email privacy
Bertold Kolics
Password Managers - Lastpass
Password Managers - Lastpass
Bertold Kolics
Make DevOps inclusive
Make DevOps inclusive
Bertold Kolics
GitHub Actions demo with mabl
GitHub Actions demo with mabl
Bertold Kolics
Improve quality culture using visualization
Improve quality culture using visualization
Bertold Kolics
Funnels of Hiring Test Engineers
Funnels of Hiring Test Engineers
Bertold Kolics
Session Based Testing Made Fun
Session Based Testing Made Fun
Bertold Kolics
More from Bertold Kolics
(8)
Taskfile - makefiles are fun again
Taskfile - makefiles are fun again
Email privacy
Email privacy
Password Managers - Lastpass
Password Managers - Lastpass
Make DevOps inclusive
Make DevOps inclusive
GitHub Actions demo with mabl
GitHub Actions demo with mabl
Improve quality culture using visualization
Improve quality culture using visualization
Funnels of Hiring Test Engineers
Funnels of Hiring Test Engineers
Session Based Testing Made Fun
Session Based Testing Made Fun
Recently uploaded
EY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
Neo4j
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
ICS
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Wave PLM
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
joe51371421
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
soniya singh
Professional Resume Template for Software Developers
Professional Resume Template for Software Developers
Vinodh Ram
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio, Inc.
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
BradBedford3
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
kellynguyen01
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
kalichargn70th171
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
aditisharan08
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
MyIntelliSource, Inc.
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
Ortus Solutions, Corp
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
MyIntelliSource, Inc.
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
VICTOR MAESTRE RAMIREZ
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
Mehedi Hasan Shohan
Asset Management Software - Infographic
Asset Management Software - Infographic
Hr365.us smith
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
bodapatigopi8531
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
VitsRangannavar
Recently uploaded
(20)
EY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Professional Resume Template for Software Developers
Professional Resume Template for Software Developers
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
Asset Management Software - Infographic
Asset Management Software - Infographic
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
The Testers' Secret Weapon - Code Reviews
1.
© 2023 Verosint.
All rights reserved. © 2023 Verosint. All rights reserved. The Testers’ Secret Weapon - Code Reviews Bertold Kolics HUSTEF 2023 - Budapest, October 4, 2023 1
2.
© 2023 Verosint.
All rights reserved. My Context ● Question Asker, Bulldog Engineer ● Not a Gatekeeper ● Verosint - small startup < 20 employees ○ SaaS business ○ We detect & prevent online account fraud ● Past ○ mabl (e2e test automation as a service) - small ○ CS Disco (legal tech) - medium ○ ESO Solutions (healthcare) - medium ○ Ping Identity / UnboundID - small/medium ○ Sun Microsystems - large ○ SZTAKI - medium 2
3.
© 2023 Verosint.
All rights reserved. Definition ● What: review code for completeness and correctness ● When: prior to integration into product ● Form of static testing* ● Informal vs. formal ○ mind the context ● Synchronous ○ in-person/virtual walkthrough ○ peer or mob programming ● Asynchronous ○ out of band review typically in the form of a pull request ● Participants: ○ author: engineering (development, test, even ops) ○ reviewer: engineering, ops, technical writers 3 Image credit: Wilfredo Lee/AP/REX/Shutterstock.com
4.
© 2023 Verosint.
All rights reserved. Why Accelerate the Achievement of Shippable Quality source: https://www.moderntesting.org/ Code reviews: ● Create shared understanding ● Reduce rework ● Help instill best practices ● Opportunity to learn from others, teach & train ● Influences outcome ● Gels the team when done properly as we rarely work in isolation 4 Remember: soft skills are the hard skills
5.
© 2023 Verosint.
All rights reserved. Case Study: Sun Microsystems ● Year: 2003. Event: acquisition of Waveset. ● Role: developer ● QA team and technical writers under separate management structure. ● Product: highly-customizable identity provisioning, on-prem ● Process: throw it over the wall ● Initial state ○ frequent patch releases (multiple times a week), regressions ○ implementation with lots of shortcuts, unsuitable for quick ramp of new customers ○ core engineering involvement 5 Image credit: John Anju
6.
© 2023 Verosint.
All rights reserved. Case Study: Sun Microsystems - Review Process ● End state ○ max once a month patch release managed by sustaining team ○ design reviews for features ○ longest code review template ever ○ significantly higher quality / throughput ● Code review template forced developers to ○ communicate and create shared understanding ○ slow down: have you heard “slow down to speed up” before? ○ carefully consider all aspects of the changes ○ get buy-in: plan changes first, code next 6 Build the right it & build it right.
7.
© 2023 Verosint.
All rights reserved. Case Study: Sun Microsystems - Process ● Developer ○ clarifies requirements if necessary with product or engineering manager ○ consults test specialists if necessary ○ implements increment including tests and changes to documentation ○ tests code manually and with automated tests ○ fills out code review template ○ solicits feedback, revises code ○ integrates change ○ addresses any test failures ○ updates ticket in issue management system: details, links to source changes, etc ● Template reflecting the above process 7
8.
© 2023 Verosint.
All rights reserved. Case Study: Sun Microsystems - Template ● Contents: ○ Summary of the issue ○ Alternatives considered ○ Details about solution implemented ○ Impact (cross-cutting concerns) ■ performance, scalability, security, accessibility ○ Net new tests implemented ○ Release notes and notes on updating product documentation ● Details about implementation copied into issue manager ○ QA team - all over the moon 😍 ○ Technical writers - no longer felt neglected 8 Image credit: Teams of Distinction
9.
© 2023 Verosint.
All rights reserved. Case Study: ESO Solutions ● Year: 2017. Context: leading QA practice for multiple development teams. ● Company: ~200 employees ● Product: electronic health record, SaaS, US customers only ● Team structure: ○ cross-functional, 2-pizza sized: product manager, developers, test engineers ○ matrix organization ○ 2 test engineer / team: SDET and traditional QA ● Process: scrum with planning/standup/retro ceremonies, 2-week cycle ● Key elements: ○ co-located teams - sitting in close proximity ○ review format: most often pairing driven by short delivery cycles ○ evolving test automation engineers to own framework instead of feature automation 9
10.
© 2023 Verosint.
All rights reserved. © 2023 Verosint. All rights reserved. In The Trenches 10
11.
© 2023 Verosint.
All rights reserved. Practices that worked for me ● Don’t lose sight of the goal ● Don’t make it personal ● Be curious ● Teach & learn ● Pick your battles ● Size matters ● Time - yours and theirs, interruptions ● Reviewed code is not bug free code 11 Image credit: png image from pngtree.com Remember: more time spent on reading code than writing
12.
© 2023 Verosint.
All rights reserved. Extent of Code Changes ● The brain cannot keep focused on large code changes ○ too much changes lead to subpar reviews ● Keep code changes under 400 lines 12 Image credit: IMDB
13.
© 2023 Verosint.
All rights reserved. Code Walkthroughs ● Consider code walkthroughs for new features, large changes ● Best if accompanied by ○ READMEs ○ Drawings / sketches ○ Example code / automated tests ○ Whiteboard ● In person or over Zoom ● Allow time for questions 13
14.
© 2023 Verosint.
All rights reserved. Before Code Reviews ● Run static analyzers ○ Helps reviewers focus on higher level concerns ● Ensure that automated tests are passing ○ Helps reduce the requests for reviewing code changes again 14 Image credit: Wikipedia
15.
© 2023 Verosint.
All rights reserved. Avoid Interruptions ● Interruptions are productivity killers ● Bundling technique ○ work interruptions limited to certain days or part of the day ○ for example: code reviews daily after standup ● Get your ducks in the row before requesting review ○ respect the time and interruptions code review ● Anti-pattern example: ○ requesting a review multiple times for multiple revisions in the same pull request 15
16.
© 2023 Verosint.
All rights reserved. Checklists / Templates to The Rescue ● Sets expectations ● Easier for reviewers to follow a consistent format ● May be specific to a repository 16
17.
© 2023 Verosint.
All rights reserved. Exceptions Are OK, too ● Consider relaxing code review requirements without sacrificing quality ● Examples: ○ 1-line code change ○ Changing only message catalog keys ○ Updating project README 17
18.
© 2023 Verosint.
All rights reserved. Overcommunicate ● Don’t forget to set the context ● Links are helpful ○ tickets ○ design documents ○ decisions records ● Add your own code review comments in areas ○ where implementation choice may not be clear ○ where additional considerations were needed ● Eliminates back-and-forth ● Sometimes I mention: “I am not a Vulcan, I cannot mind-meld” ● Anti-pattern example: ○ 10-line code comment to explain a complex conditional 18
19.
© 2023 Verosint.
All rights reserved. © 2023 Verosint. All rights reserved. What’s In It For Me? 19
20.
© 2023 Verosint.
All rights reserved. Testing Specialists ● Make yourself more valuable to the team ○ coaching developers on testing ○ removing yourself eventually as the bottleneck ○ shorten the feedback loop ● Learn programming ○ reading is easier first than writing ● When done properly ○ code reviews create another collaborative venue ○ foster shared understanding ○ gel the team 20
21.
© 2023 Verosint.
All rights reserved. Developers ● Opportunity to learn testing techniques ○ testing - especially feature-level - is a must-have skill, not a dedicated job ● Opportunity to share knowledge between developers ○ junior developers, interns can learn best practices to use, patterns to follow ○ senior developers can exercise their coaching, technical leadership skills ● Less rework, more new work ○ do you prefer fixing bugs or develop new features? Most will pick the latter. ● Think value ○ you are not valued on the # of lines of code you produce ○ reviews help to focus our efforts 21
22.
© 2023 Verosint.
All rights reserved. Leaders ● Make it part of the software development lifecycle ○ will also pay dividends when customers ask about development practices ● Code reviews can ○ gel the team, ○ provide growth professionally to team members, ○ increase the value the team delivers 22
23.
© 2023 Verosint.
All rights reserved. © 2023 Verosint. All rights reserved. Wrapping It Up 23
24.
© 2023 Verosint.
All rights reserved. Key Takeaways ● Code reviews are an essential part of the software development life cycle ● Can be done in many shapes and forms ○ having an agreed upon process appropriate for the context is key ● When done properly, it ○ helps create shared understanding, ○ becomes a powerful teaching tool, ○ provides a platform for coaching testing as well as development skills, ○ gels the team 24
25.
© 2023 Verosint.
All rights reserved. Resources ● My Code Review Guidelines ● Newsletters ○ The Pragmatic Engineer by Gergely Orosz ○ The Beautiful Mess by John Cutler ● Podcasts ○ A/B Testing ○ Testing Peers ○ Maintainable Software ● Books ○ Your Code As A Crime Scene (2nd edition coming) ○ Software Design X-Rays ○ Clean Code: A Handbook of Agile Software Craftsmanship ○ SmartBear’s Best Practices and e-book ○ User Story Mapping ○ Accelerate 25 bit.ly/hustef2023
26.
© 2023 Verosint.
All rights reserved. © 2023 Verosint. All rights reserved. Thank you 26
Download now