Atlas Automated Code Review Service


Note: The automated code review process is currently in beta testing and is not yet available for all sites. Those without this feature will have code reviews completed manually by Atlas staff following the normal procedure.

Atlas-hosted sites in the PCI environment (those that use a credit card payment gateway) will need to have all web page changes undergo a secure code review before going live to patrons. This process is necessary to maintain PCI compliance and to ensure that there are no security vulnerabilities. Atlas now provides an automated code review service in GitHub that runs an initial scan of your web pages and immediately generates a report of any issues found, so that you can resolve them before the web pages go live to patrons. This article provides an overview of this process as well as information on interpreting the results of the scan.

Automated Code Review Scan

The automated code review process will initiate when a pull request is submitted to push changes to your web pages into production. Within about a minute, the automated code review bot will scan your web pages and post a message on the pull request page with the results of the automated review. The scan will look for specific issues, flagging and sorting them by severity into four categories:

  • Critical Issues: These issues must be resolved before your web page changes can go live.
  • Warnings: These issues are strongly recommended to be resolved before your web page changes go live.
  • Suggestions: These issues are suggested to be resolved at the earliest opportunity.
  • Manual Review: These issues must be manually reviewed by Atlas staff before going live.

For the complete list of issues that the code review bot will flag after completing its scan, see Resolving Issues in the Automated Code Review Report.

Note: The automated code review service will not automatically approve a pull request if no issues are found. All pull requests will undergo a final check by Atlas staff before they are approved and your changes are made live to patrons.

Code Review Outcomes

Depending on the types of issues found, you will see one of three potential outcomes when the code review bot completes its scan:

  • All checks have passed, 1 successful check: If no issues are found, you will see a message stating that all checks have passed with a green checkmark. A detailed automated code review report will not be generated. No action is required and you will be notified when your web page changes are made live by Atlas staff:

    Code_Review_Success.png

  • All checks have passed, 1 neutral check: If no critical issues are found, you will see a message stating that all checks have passed, with an additional message generated by the code review bot indicating any less severe issues that may need to be addressed and a link to the detailed automated code review report. No action is required for your pages to go live; however, it is strongly recommended that these issues are resolved as soon as possible:

    Code_Review_Neutal_Result.png

  • All checks have failed, 1 action required check: If at least one critical issue is found, you will see a message stating that all checks have failed with an additional message from the code review bot containing a link to the detailed automated code review report. Your pages will not go live until all critical issues are resolved:

    Code_Review_Failure.png

Automated Code Review Report

If any issues are found, you will be provided a link to the code review report listing each issue, the location of the issue on your web pages, and some details on the suggested resolution.

Overview

The top of the report will list the number of issues found categorized by severity. Clicking the dropdown arrow will list the specific issues found in each category:

Code_Review_Report_Categories.png

Issue Details

Individual issues will be listed under each top-level severity category. The issue details section will contain:

  • A description of the issue and suggested resolution
  • The specific file and line number containing the issue
  • A View Code button that can be clicked to display the code causing the issue
    • Note that this button is not available for the Mismatched Tags issue

Issue_Details.png

Resolving Issues Flagged by the Code Review Bot

Issues flagged by the code review bot and listed in the automated code review report should be resolved as soon as possible to ensure that your web pages meet accessibility requirements and provide a user-friendly experience for your patrons. Critical issues must be resolved before your web page changes can go live. Atlas will not push any changes into production if the pull request has failed the code review due to critical issues in your web pages. To resolve issues:

  1. After the code review bot completes its scan, review the results and note any critical issues that must be immediately resolved.
  2. If additional issues were found, review the automated code review report and determine if any non-critical issues should be resolved before the new web pages go live.
  3. Close the pull request if it is determined that any of the flagged issues must be resolved before the new pages go into production.
  4. Navigate back to your forked repository and use the automated code review report to locate each issue, then follow the guidance in the Resolving Issues in the Automated Code Review Report article to edit the associated file(s) and resolve the issue(s).
  5. Once all issues are resolved, submit a new pull request. The automated code review bot will run another scan.
  6. Review the results of the scan and determine if all immediate issues have been resolved:
    • If immediate issues remain, repeat steps 3-5 until these issues are resolved.
    • If a manual review is required for any new code, Atlas staff will review the code and contact you if any issues are found.
  7. If no issues are found or all critical issues have been resolved, Atlas staff will perform a final review and you will be notified when the changes are made live.

 
