Source code quality
We take code quality very seriously. We set our standards well above the “just good” line in order to deliver a very high quality product.
Pair programming & code reviews
Much of our code is written by two engineers working together rather than one, so design decisions are debated and agreed on as they are made.
We reinforce this by protecting our master branches and requiring all new code to be reviewed by at least one other member of the team in a pull request before it is merged. These review discussions are kept as documentation and used to train new team members.
During these code reviews we pay particular attention to basic concerns every developer should know, such as the OWASP Top 10 web application security risks.
The resulting code is tested automatically at the unit and integration levels.
Every push of new code runs our full test suite in a fresh Docker container, and merging into our main branch is blocked if any test fails.
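As an added illustration of how a policy like this is usually enforced on GitHub (this is example configuration, not the project's own CI setup, whose stack and test runner the page does not describe), the workflow below runs the unit and integration suites inside a fresh container on every push and pull request. The container image, dependency file, test runner and test paths are assumptions made for the example.

```yaml
# .github/workflows/test.yml (illustrative; image, paths and tooling are assumed)
name: test

on:
  push:
  pull_request:

jobs:
  test:
    runs-on: ubuntu-latest
    # Each job runs in a brand-new container, so no state leaks between runs.
    container:
      image: python:3.12-slim
    steps:
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: pip install -r requirements.txt
      - name: Unit tests
        run: pytest tests/unit
      - name: Integration tests
        run: pytest tests/integration
```

To make a failing run actually block the merge, the branch protection rule for the protected branch must have "Require status checks to pass before merging" enabled with the `test` job selected as a required check, and "Require a pull request before merging" with at least one approving review, which is what turns the review policy above into something the platform enforces rather than a convention.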
Dependency security policy
We use GitHub to track and report known vulnerabilities in our code dependencies.
GitHub tracks public vulnerabilities listed on MITRE’s Common Vulnerabilities and Exposures (CVE) site.
When GitHub learns of a newly announced vulnerability affecting one of our dependencies, it sends us a security alert with the details (which dependency is affected and how to remediate it).
For each alert we receive, a high-priority bug is filed in our backlog.