Source code quality¶
We consider code quality very seriously. We set our standards way above the “just good” line to deliver a very high quality product.
Pair programming & code reviews¶
Each line of our code is often produced by not only one but two engineers, ensuring design decisions are always subject to debate and approved.
We double this by protecting our master branches and forcing every new code to be reviewed by at least one more member of the team in a Pull Request. These discussions are logged for documentation and new member training purposes.
During these code reviews, we’re particularly attentive to some basic concerns that every developers should know such as the top 10 security risks published by the OWASP.
The produced code is tested automatically at unit and integration levels.
Each push of new code is tested against our tests portfolio in a new docker container.
The merge of it in our main branch is not authorized if the tests fail.
Security dependencies policy¶
With each weekly release we update our dependencies in ordre to integrate their latest security patches.
Both services track public vulnerabilities listed on MITRE’s Common Vulnerabilities and Exposures (CVE) site.
When they receive a notification of a newly-announced vulnerability, a security alert is sent to us with the details (which part is spotted, how to correct it…).
For each alert we receive, a bug is described in our backlog with a high priority.