An in-depth analysis of your system's health
For many projects, clients hire us to only run code audits. In other cases, we inherit legacy code, and going through a code audit is a requirement for working with us.
With time and repeated experience, we refined and strategized our audit process. It's now a distinct work product that we offer to clients on its own.
Why do we do it? Accountability!
As said, we often get projects that were created by other teams — sometimes in-house techs and sometimes offshore providers. In these cases, clients ask us to just take over the work or to only fix the problems. But we don't work like that.
The reality is that whenever we work on any project, we're accountable for it in its entirety. We take over responsibility for the soundness of the technology, even if someone else built it. That means we dig deep into existing architecture to make sure it's done right. Even when clients only ask for limited work on existing platforms, we know they expect a high-quality final product. We hold ourselves to high standards that meet their expectations and ours.
Before we write a single line of code, we need to know what we're working on. We don't get started until we fully understand the project's architecture in its current form. Then we assess what needs to be done to fix bugs and meet our clients' requirements. Our team of experts makes sure your platforms and apps don't just get the job done. We provide the latest, cutting-edge technology, so you get the best possible software products and services.
Some of the questions we ask
We begin work on your project by asking these questions and more:
- Are there any built-in tests in this project? Examples are hardware tests for RAM, security pen tests, and software quality assurance tests. What specific aspects of the project do the tests cover?
- Are any static analysis tools being used to identify code constructions known to cause software errors? Are any code smell detectors integrated to spot symptoms of deeper problems?
- Has this project had an orderly development process with a meaningful, documented history on GitHub? If it has code reviews, are they positive?
- Does the technology do the work it was built for? And if it does, is it efficient, cost-effective, and scalable?
- Are there any load tests built into the project determine maximum operating capacity and expected system behavior? Based on those tests, where is app's the breaking point?
- Is this project in sound enough condition to keep the existing code and architecture? Or do we recommend building it from scratch?
- What's the best investment of our time and resources to fit the clients' business needs?
At Creative.ae, our code quality and architecture standards are extremely high. We continuously improve and polish our processes and quality requirements. Our results reflect the knowledge and skill built through many years of learning, growing, and refusing to settle for less.
Our Code Audit Process
Our thorough code audit takes about one week and has several phases:
- 1. Introduction
- We start by meeting with you to identify key business goals and document the an agreed-upon process that we'll follow. We learn and work with your entity's specific needs. For example, startups and SMBs don't have the same business goals as an enterprise-grade software company.
- 2. Software architecture assessment
- We review the project's code and analyze how it's organized from a high-level perspective. We document all its moving parts. Examples are frontends and backends, containers, data planes, certificates, and drivers. Then we provide general insights on the health and functionality of the code and the network architecture platform that it creates.
- 3. Static code analysis
- We test each component in the project with a set of static analysis tools. We check for code duplication, security problems, cyclomatic complexity, and other issues. The toolset depends on the code's programming languages. Some tool examples are CodeClimate, Pylint, CSSLint, RailsBestPractices, Reek, Rubocop, and ESLint.
- 4. Manual inspection
- The human factor is of utmost importance in a manual inspection. For each language or component, our expert senior developers analyze the project's code and document their findings. The previous code analysis step can partly guide this inspection. But the subjective conclusions of a knowledgeable, highly trained professionals are key. During this inspection, we also analyze database design, data structure, and test coverage.
- 5. Infrastructure and scalability
- We check for potential bottlenecks in the code. These blocking sources can combine with weak or flawed infrastructure to cause scalability or other problems with system function.
- 6. Process
- We look closely at the data repository. What process was followed to create the code? What code, performance, and security testing practices were implemented? What level of automation was built into the project?
- 7. Security & Security & Security
- The ultimate nightmare for any busniess is to wake up oneday to find that your digital platform has been hacked or compromised. At Creative.ae, we have senior developers to inspect your code looking for any possible security breach. We run extensive security tests and cyber attacks senarios to find out any security hole in the code and seal it for ever. Our security audit team work will keep you give you peace of mind, knowing that you have a bullit proof platform.
- 8. Action items
- Last, but not least important, we propose action items for the project. Sometimes, we recommend refactors or changes, so we can take over the code confidently. We'll implement these changes, but we make it clear that we only do feature revision, not development. At some other times, we find that your project has been already built perfectly, thus we stamp it with our quality assurance certificate. At other times, we determine that the best solution is to rewrite the code from scratch. Unfortunately, it's common to find that things weren't done right the first time.
Accepting the outcome
At times, it can be hard for clients to accept the outcomes of our audit process. Some clients don't want to hear that their project needs a complete overhaul. These clients might even find another tech service company that says the code is good enough, and they'll take over the project and work with its existing platform.
But at Creative.ae, we aren't "yes men." We'll never take over projects that need extensive work and then only apply quick-fix "band-aids" that keep you struggling with bugs forever. That's why we created a work process that includes in-depth analysis and a detailed action plan to repair and upgrade your project permanently.