Reviews

As you develop software, you will need to manage 4 types of reviews. This page provides a quick overview of these reviews. For detailed information on each review, see the following pages.


Review Types

Security Reviews

Security reviews ensure that the project’s history does not contain security issues. You should conduct a security review for each new merge request, before the code review. The security reviewer should be the same person as the code reviewer.

Code Reviews

Code reviews check that the project follows various best practices and standards for writing software. You should conduct a code review for each new merge request. The reviewer should be someone with experience in the programming language of the project.

Domain Review

The domain review checks the scientific content of the project. You should conduct a domain review once the code is ready for release. The reviewer should be someone with expertise in the project’s subject field.

Administrative Review

The administrative review checks that the project meets various legal, security, and administrative requirements. This is the final review before a release. The reviewer may be any trusted individual.


When to Review

The security and code reviews are iterative, and you should plan to conduct them for each new merge request.

By contrast, the domain and administrative reviews are intended for finalized projects that are ready for release. As such, you will usually only need to conduct each of these reviews once per release.

flowchart TD
    write[Write Code]
    review[Security/Code Reviews]
    domain[Domain Review]
    admin[Admin Review]
    ipds[IPDS Record]
    submit[Submit Release]
    classDef bold stroke-width:4px
    class review,domain,admin bold
    classDef faded opacity:0.65
    class write,ipds,submit faded
    subgraph Develop
        direction LR
        review --> write
        write --> review
    end
    Develop --> Release
    subgraph Release
        direction LR
        domain --> ipds
        ipds --> admin
        admin --> submit
    end
    click review "./security.html"
    click domain "./domain.html"
    click admin "./admin.html"

Reviews in the software development process.


Selecting Reviewers

The following table summarizes reviewer requirements for the different reviews:

| Review | Reviewer Requirements |
| --- | --- |
| Security | Should also be the code reviewer |
| Code | Experienced with the programming language of the project |
| Domain | Experienced with the scientific topic of the project |
| Administrative | Any trusted individual |

Tip

Although not required, it’s usually helpful for the code reviewer to have experience with the project’s scientific topic. Similarly, the domain reviewer will usually benefit from experience with the project’s programming language.