Source Code Audit

Assess the quality of your own or legacy code.

Find problems before they appear in production.

 

The goal of a source code audit is to assess the quality of a client system's source code. Each assessment focuses on four major aspects – reliability, performance, maintainability and security.

During the audit, e-point experts use both automated tools that generate static code analyses and manual code inspections. At the customer's request, experts can also inspect systems at runtime in either test or production environments.

e-point audits can be performed remotely or onsite, in accordance with client needs.

Why Audit Source Code?

Whether you are taking over an existing software system as part of a project takeover or just want to check the quality of your own software, we can help.

Bugs are everywhere!

  • all software contains bugs
  • some bugs impact security
  • others cause system failures
  • repercussions can cost millions

Benefits of Source Code Audit

  • automated audit is fast and precise
  • manual audit provides in-depth insights
  • both provide insurance against unexpected problems during project takeovers

Source code audit - the process

 

1. Static Code Analysis Tools

At the start of the audit, e-point uses static code analysis tools (such as SonarQube) to obtain an overview of overall code quality and identify problem areas.

2. Test Case Assessment & Code Runs

If unit tests are used and build instructions are provided, the tests are executed and the results are compiled. Test quality is assessed.

3. Runtime Inspections

If requested, the code is executed in the customer's test environment. Memory and CPU consumption are assessed together with the logging configuration and log quality.

4. Manual Code Inspection

e-point experts review code, line by line, and document potential problems. They also assess the overall software architecture as well as potential security problems.

5. Specialized Code Inspection

If requested, three types of specialized code reviews are performed: Web (SEO, URLs, mobile), Backend (concurrency, messaging, performance), Architecture (layers, maintainability, loose coupling).

6. Report Preparation

Compile final assessment and recommendations.

Service plans possible

* Multiple configurations possible