Code Review
Check Type: CODE_REVIEW
This check verifies whether defined approval and release processes for merge requests are being followed in order to ensure quality, security, transparency and compliance in the development process in line with DevOps best practices.
It checks whether a certain percentage of all merge requests in a given period meet the following criteria:
- Maintainers may merge merge requests without approval.
- If a merge request was made by a non-maintainer and is merged by a maintainer, no explicit approval is necessary.
- If a merge request was made and merged by a non-maintainer, at least one maintainer must have given approval.
- type: CODE_REVIEW
  description: Dieser Check prüft, ob definierte Genehmigungs- und Freigabeprozesse für Merge Requests eingehalten werden, um im Sinne von DevOps Best Practices Qualität, Sicherheit, Transparenz und Compliance im Entwicklungsprozess sicherzustellen.
  threshold:
    timeRangeInMonths: 6
    min: 75
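One way to evaluate the three rules against the `threshold` settings above, as an added example that is not part of the original page or the tool's own code. The `MergeRequest` record, the function names and the sample data are hypothetical. It assumes that `min` is a minimum percentage, that a window with no merge requests passes, and that a merge request merged by a non-maintainer needs a maintainer approval even when a maintainer authored it (a case the page leaves open).

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class MergeRequest:  # hypothetical record shape, not the tool's data model
    author: str
    merged_by: str
    merged_on: date
    approvers: list = field(default_factory=list)

def months_back(today: date, months: int) -> date:
    # Start of the window: same day `months` earlier (day clamped to 28).
    idx = today.year * 12 + (today.month - 1) - months
    return date(idx // 12, idx % 12 + 1, min(today.day, 28))

def is_compliant(mr: MergeRequest, maintainers: set) -> bool:
    # Rules 1 and 2: a merge performed by a maintainer needs no approval.
    if mr.merged_by in maintainers:
        return True
    # Rule 3: merged by a non-maintainer, so a maintainer must have approved.
    # Assumption: also applied when the author is a maintainer.
    return any(a in maintainers for a in mr.approvers)

def evaluate(mrs, maintainers, today, time_range_in_months=6, minimum=75):
    start = months_back(today, time_range_in_months)
    in_window = [m for m in mrs if start <= m.merged_on <= today]
    if not in_window:
        return 100.0, True  # assumption: nothing merged, nothing violated
    ok = sum(is_compliant(m, maintainers) for m in in_window)
    pct = 100.0 * ok / len(in_window)
    return pct, pct >= minimum

# Constructed sample data for illustration only.
MAINTAINERS = {"alice", "bob"}
TODAY = date(2024, 7, 15)
SAMPLE = [
    MergeRequest("alice", "alice", date(2024, 6, 1)),            # rule 1
    MergeRequest("carol", "bob", date(2024, 5, 10)),             # rule 2
    MergeRequest("carol", "carol", date(2024, 4, 2), ["alice"]), # rule 3, approved
    MergeRequest("dave", "dave", date(2024, 3, 20), ["carol"]),  # peer approval only
    MergeRequest("dave", "dave", date(2023, 11, 5)),             # outside the window
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, MAINTAINERS, TODAY))
```

With the sample data, three of the four merge requests inside the six-month window comply, which lands exactly on the configured minimum.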
Background
These checks are an essential part of good DevOps and quality assurance practices in software development projects. Performing the checks ensures that procedures and governance processes are adhered to. They help to identify risks at an early stage, reduce error rates and ensure high quality and compliance in software projects in the long term.
They prevent the uncontrolled introduction of potentially faulty or dangerous code components and ensure a consistently high level of quality through explicit control.
These checks help to ensure that changes to the code base are traceable and documented before being released, thereby supporting auditability.