Source Code Quality¶
We consider code quality to be very serious. We set our standards way above the “good enough” level to deliver a very high quality product.
Pair Programming & Code Reviews¶
Each line of our code is often produced by not only one but two engineers, ensuring design decisions are always subject to debate and approval.
We reinforce this by protecting our master branches and ensuring every new code snippet is reviewed by at least other member of the team in a Pull Request. These discussions are logged for documentation and new member training purposes.
During these code reviews, we’re particularly attentive to some basic concerns that every developers should know such as the top 10 security risks published by the OWASP.
Unit and integration tests are systematically carried out on code that is produced.
Each push of new code is tested against our test portfolio in a new docker container.
Merging development branches into our main branch is not allowed if the tests fail.
Security Dependencies Policy¶
With each weekly release we update our dependencies in order to integrate their latest security patches.
Both services track public vulnerabilities listed on MITRE’s Common Vulnerabilities and Exposures (CVE) site.
When they receive notification of a newly-announced vulnerability, a security alert is sent to us with the details (which part is affected, how to correct it…).
For each alert we receive, a bug ticket is created in our backlog and is attributed a high priority.