
https://spectralops.io/

Spectral offers one of the most comprehensive secret scanning solutions out there, integrating into every facet of the build process. Whether it's a static build, pre-commit to Git, or CI integration, Spectral offers simple integration options that can be enhanced using plugins and hooks. In addition, Spectral scans Git repositories not just for configuration issues and secrets lurking in the code, but also for logs, binaries, and other data in the codebase which you may not intuitively think of as a potential leak source. The AI and Machine Learning algorithms used by Spectral's secret scanning technology ensure that detection rates increase and false positive rates decrease continuously over time as more data is processed by the system.

Start protecting your secrets with SpectralOps

How to use this checklist generator:
In the "Checklist Generator" tab, pick the items you want to add to your self-review and/or reviewer checklist.
Add your own project-specific items on this tab under the Organization Specific header.
To see your auto-generated checklist, simply switch over to the Self Review or Reviewer tabs. They will be po
Use the generated checklists to streamline code review processes for everyone by selecting Yes or No from t
Universal Issues
Can you understand the code without the coder explaining it?
Are packages, namespaces and dependencies in order?
Does the code change achieve the desired result simply and effectively?
Does the code formatting and styling adhere to your organization's standards?
Are there any good code design principles that could make the code better?

Performance
Should the new code be profiled for performance?
Is there any logging or debugging code that should be removed?
Is caching used where applicable?
Are large assets compressed?
Is the correct data structure being used to store collections?
Is lazy loading, asynchronous loading or parallel processing used where appropriate?

SQL Databases
Is the most efficient data type used for the expected values?
Are queries returning unnecessary data that could be trimmed?
Are your queries sanitized against SQL injections?
Could a Stored Procedure be used instead of code?
Could the SQL query benefit from error handling?
Can performance be improved by indexing?

Security
Has the code been scanned for secrets using a tool such as Spectral?
Do error messages give too much information to potential attackers?
Is user input validated?
Is user data such as passwords and credit card information properly stored?
Is Authentication and Authorization handled correctly?
Are XML documents validated against a schema?

Unit Testing and Automation
Are tests well documented?
Do tests cover all changes of the code?
Do the tests actually test what they are supposed to test?
Are tests sufficiently isolated to enable easily finding the issues?
Does the code change affect the way existing tests work?
Are there any edge cases that need to be covered?

Readability
Can variables, method names, or classes be renamed to improve readability?
Can the code's readability be improved by breaking up methods into smaller ones?
Is it easy to follow how changes to the data happen over time?
Are there unnecessary comments?
Should a comment explain why the code was designed the way it was?
Is there any commented out code? Can it be removed? If not, is there a comment as to why it is there?

Error Handling
Do errors adequately cover expected situations?
Is there catch-all error handling to prevent a complete crash?
Are there null checks where appropriate?
Are the correct web error codes used and interpreted?
Does the user receive appropriate error messages where applicable?
Are errors that are not shown to users logged with sufficient information?
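Three of the items above (correct web error codes, appropriate messages for the user, and sufficient logging for errors the user never sees) together with the Security item "Do error messages give too much information to potential attackers?" describe one handler pattern. The following is an added example, not code from the checklist or from Spectral: a leaky responder that forwards raw exception text to the client beside a hardened one that maps expected exceptions to their status codes, returns only a generic message plus a reference id for anything unexpected, and logs the full detail under that same id. The exception classes, the `connect_db`/`validate_age` functions and the failure text are constructed for the illustration.

```python
import logging
import traceback
import uuid


class MemorySink(logging.Handler):
    """In-memory log sink so the example can show what reached the server-side log."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


log = logging.getLogger("example.error_handling")
log.setLevel(logging.ERROR)
log.propagate = False
sink = MemorySink()
log.addHandler(sink)


# Hypothetical application exceptions; their messages are written for end users.
class ValidationError(Exception):
    pass


class NotFoundError(Exception):
    pass


STATUS_FOR = {ValidationError: 400, NotFoundError: 404}   # anything else -> 500


def respond_leaky(handler):
    """Anti-pattern: the raw exception text goes straight to the client."""
    try:
        return 200, {"result": handler()}
    except Exception as exc:
        return 500, {"error": str(exc)}


def respond_hardened(handler):
    """Expected errors keep their user-facing message and get the right status code.
    Unexpected errors get a generic message plus a reference id, and the full detail
    (type, message, stack trace) is logged under that id so it can be found later."""
    try:
        return 200, {"result": handler()}
    except Exception as exc:
        status = STATUS_FOR.get(type(exc), 500)
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s status=%d %s: %s\n%s", ref, status,
                  type(exc).__name__, exc, traceback.format_exc())
        if status == 500:
            public = "An internal error occurred. Reference: " + ref
        else:
            public = str(exc)
        return status, {"error": public, "ref": ref}


def connect_db():
    # Constructed failure: an infrastructure error whose text names an internal host.
    raise RuntimeError("could not connect to db.internal:5432 as user 'app'")


def validate_age(age):
    if age < 0:
        raise ValidationError("age must be zero or greater")
    return age


if __name__ == "__main__":
    print(respond_leaky(connect_db))                  # internal host name reaches the client
    print(respond_hardened(connect_db))               # generic message plus reference id
    print(respond_hardened(lambda: validate_age(-1))) # 400 with the user-facing message
    print(sink.lines[-2])                             # the full detail, server-side only
```

The reviewer's question is then concrete: is every message that reaches the client one the application wrote for the client, and does every 500 leave a log line with enough context (here the reference id, exception type and stack) to investigate it afterwards?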

UX/UI
Has the user journey changed? If so, does it still make sense?
Are UI elements accessible?
Are UI elements honest about what they do?
Does the UI maintain the brand image?
Is the UX good on a varied range of devices?
Is there a need for A/B testing?

Organization Specific (Add below)


Self-Review Checklist
Comment Passed
Reviewer Checklist
Comment Passed
