
Ask HN: Do you use anything for automated code review? - taylorwc
I have been looking into a couple of options in this space and it&#x27;s really hard to tell what would be a low-value, high-pain tool and what would add value. Does anyone have any great experiences with tools in this vein?
======
samuraiseoul
At my employer we started using Codacy a few months ago, providing things like
that are what you're asking.

Things were real touch and go for a while with the analysis taking forever or
other problems but they released an update a few months ago and that's not
much of an issue at all now. We had one other issue with the integration with
GH where the person who signed up for it left the company and our integration
went to hell but we've fixed that and it was our fault. Just be sure the
account that is the repo owner is the one registering, not a contributor.

We haven't tweaked the settings as much as we need to but it's been nice. It
catches things and links to education so the reviewer can focus on more
important pieces like the architecture or other things. The settings are very
granular so you can turn some on or off depending on preference. Another nice
thing about Codacy at least(haven't used others) is that many of the things it
complains about has explanations or links to good explanations and the why, so
that the person can learn as well as fix, hopefully preventing further
mistakes of the nature in the future.

Overall I think that Codacy and things like it are great tools. But for sure
linting and static analysis can be at least slightly done with git hooks or CI
tools as others said if you want a poor man's kind of trial run. I hope that
helps!

------
quickthrower2
You can always start with linters and make them part of your CI acceptance.
You can go quite far with this eg in C# enforce code contracts to ensure no
rouge nulls. Or keep it light and just check for basic things.

This doesn’t automate the review but saves discussing minor things in the
reviews.

~~~
tmm84
I agree with using linters that are very strict. They save a lot of time by
making sure things are uniform. Most of the time I need to fix stuff in a
codebase is because the style was all over the place and if the style was
consistent then refactoring or making the code simpler wouldn't have been much
of a problem.

------
kejaed
We have implemented SonarQube and found it useful. There was initial pushback
from our developers but once we had a couple of review sessions we got some
serious value out of it.

~~~
taylorwc
That’s useful feedback. Did you implement the free (Community) or a paid
version? If free, do you think it would be worth upgrading?

~~~
kejaed
We implemented the community version. One thing that we almost upgraded for
was to implement a custom rule which seemed to be more complicated than it
should be. It looked like there were some other options if we had the paid
version but we figured it out.

------
randomvectors
Isn't the whole point of code review that another human looks at your code?

~~~
taylorwc
Definitely. I’m asking more about tools that are meant to augment that
process... SonarQube, Code Climate, et al.

~~~
tmm84
One bit of advice if you are using CI checkers is to start with few rules and
add them as you need them.

