Top 5 open-source and commercial secure code review tools

August 21, 2018 by Greg Belding

Code review is an indispensable part of the development process, and code review tools are therefore an indispensable part of the development team's toolkit. Below is a list of the top five open-source and commercial secure code review tools. One caveat up front: most of these entries provide the workflow in which security review happens (diffs, inline comments, approvals, an audit trail), not the security expertise itself, so their value depends on reviewers who know what to look for.

Open Source

#5 – Codebrag

Codebrag is a good code review tool if you are after simplicity; its main strength is that it is lean and non-invasive. Important features are a clear to-review list, centralized code discussions, smart email notifications and a non-blocking code review workflow. Codebrag also offers "likes" and inline comments. You can find Codebrag here.

#4 – Gerrit

This open-source tool, built on top of the Git version control system, is a lightweight solution for pre-merge code review. Each pushed change is held in a staging area where it can be reviewed, commented on and scored before it is accepted into the codebase, so nothing lands on a branch without having been looked at. Gerrit is especially useful in project environments where all users are trusted committers, as it gives every committer on a project a chance to check over every change, and the comment threads attached to each change document why it was accepted. Gerrit can be found here.

#3 – ReviewBoard

A simple code review tool with simple functionality, ReviewBoard gives every developer what they need most in a code review tool, namely a diff and the ability to comment on it. The interface has a small learning curve, but ReviewBoard is picked up quickly. If general, no-frills code review is what you are looking for, ReviewBoard may be your product. If this sounds like something your organization may be looking for, check here.

#2 – Reviewable

Reviewable is a hosted code review service for GitHub repositories that is head and shoulders above ReviewBoard in appearance and functionality (it appears under Open Source here because it is free for public repositories; the service itself is proprietary). Using a clean and modern UI, it lets you instantly compare the diffs of any two revisions of a file, define fully customizable logic that determines when a review is complete, and see the net delta since you last looked even when the commits were amended or rebased, so a reviewer is not tricked into re-approving changes that were rewritten after a force-push. Reviewable works only with GitHub and can be found here.

#1 – Phabricator Differential (Open Source)

Originally developed at Facebook and later maintained by Phacility, Phabricator Differential is the best of the open-source code review platforms. Used with Git, Mercurial and SVN, Phabricator covers code review, team discussion, planning, testing and coding, which is the full gamut of functionality a code reviewer would expect. Some features of this tool include:

  • Inline and summary comments on each change, with the discussion kept alongside the diff
  • Publishing all repositories to mirrors
  • Hosting repositories locally
  • Scaling out across multiple servers

Note that Phacility ended development of Phabricator in 2021; the community fork Phorge continues it, so check which one you are deploying.

Commercial

#5 – Crucible

A good commercial code review tool to consider is Crucible. Released by the Australian development company Atlassian, Crucible allows developers to review, discuss, track (commits, reviews and comments) and report (to improve code quality). Crucible works with SVN, CVS, Git, Mercurial and Perforce. If you are looking for a low-priced, fully functional, well-rounded code review platform, look no further than here.

#4 – Phabricator Differential (Commercial)

Phabricator Differential's paid version essentially just adds support on a sliding scale: the more you pay, the more support you receive. It has all the same functionality as the free, open-source version, which also offers free community support. Skip the commercial version and go with open source.

#3 – Collaborator

Another good commercial code review tool is SmartBear's Collaborator. This all-in-one tool lets you collaborate on code review, customize the tool to your workflow and terminology, implement standardized peer review processes and prove that code was reviewed through e-signatures and an audit trail. Collaborator also provides audit log reports and defect tracking. If you are looking for a powerful, versatile code review tool, particularly where a regulator or auditor will ask for evidence that each change was reviewed, this is a great option.

#2 – Paladion

Paladion is a security services firm rather than a tool. Its security code review service discovers hidden design flaws and vulnerabilities and checks whether the proper security controls are in place. Paladion uses a hybrid approach that combines manual review with scanning tools to detect insecure code, injection flaws, backdoors, cross-site scripting, weak cryptography and more, and it goes the extra mile by mapping findings to industry regulatory compliance requirements. If you are looking for the next level beyond a code-review tool, check out Paladion.
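To make the tool-assisted half of such a hybrid review concrete, here is an added example that is not Paladion's tooling or any product on this page: a minimal pattern-based scan that flags the weakness classes named above (SQL injection, weak cryptography, hardcoded credentials, command injection, unsafe deserialization) in a constructed Python sample. The rules are assumed heuristics chosen for illustration, and the sample includes a correct parameterized query as a true negative; the manual half of the review is what separates real findings from noise, which is why the scanner is deliberately shallow.

```python
"""Minimal pattern-based secure code scan.

Illustrative only: the rules below are assumed heuristics, not a vendor
ruleset, and SAMPLE is a constructed source file written for this example.
"""
import re
from collections import Counter
from dataclasses import dataclass

# (rule id, compiled pattern, weakness class). Heuristic regexes; a real
# scanner would parse the code rather than match lines.
RULES = [
    ("weak-hash", re.compile(r"\b(md5|sha1)\s*\("), "weak cryptography"),
    ("sql-concat",
     re.compile(r"""(execute|query)\s*\(\s*["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b.*["']\s*[+%]""", re.I),
     "SQL injection"),
    ("hardcoded-secret",
     re.compile(r"""\b(password|secret|api_key|token)\s*=\s*["'][^"']+["']""", re.I),
     "hardcoded credential"),
    ("shell-true", re.compile(r"shell\s*=\s*True"), "command injection"),
    ("unsafe-deser", re.compile(r"\b(pickle\.loads?|yaml\.load)\s*\("), "unsafe deserialization"),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    weakness: str
    line_no: int
    line: str


def scan(source: str) -> list[Finding]:
    """Return one Finding per (line, rule) match, skipping blank and comment-only lines."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for rule_id, pattern, weakness in RULES:
            if pattern.search(line):
                findings.append(Finding(rule_id, weakness, line_no, stripped))
    return findings


def weakness_counts(findings: list[Finding]) -> dict[str, int]:
    """Aggregate findings by weakness class for a summary report."""
    return dict(Counter(f.weakness for f in findings))


# Constructed sample under review: four defects plus one correct query
# (safe_lookup uses a bound parameter and must not be flagged).
SAMPLE = '''\
import hashlib, subprocess
API_KEY = "sk-live-0000"
def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    return cur.fetchall()
def digest(data):
    return hashlib.md5(data).hexdigest()
def run(cmd):
    return subprocess.run(cmd, shell=True)
def safe_lookup(conn, user):
    return conn.execute("SELECT * FROM users WHERE name = ?", (user,)).fetchall()
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: [{f.rule}] {f.weakness}: {f.line}")
    print(weakness_counts(scan(SAMPLE)))
```

Running the block reports four findings on lines 2, 5, 8 and 10 and stays quiet on the parameterized query. The point of the design is the reviewer's loop around it: a regex cannot tell a test fixture's placeholder token from a production key, or a `%` used for string formatting from one used in arithmetic, so each hit is a prompt for a human to read the surrounding code, not a verdict.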

#1 – Review Assistant

The top spot among commercial code review tools goes to Review Assistant. This lightweight, easy-to-use peer code review tool runs as a Visual Studio extension. Review Assistant allows for flexible code reviews, letting you set how simple or strict you want your review workflow to be. Comments can be left within the code, and the comment-fix-verify cycle can be repeated over multiple iterations. Review Assistant also provides detailed reports, including who is holding up the review process. If you think this may be the option for your organization, you can look further into Review Assistant here.

Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.