Ongoing code review and automated scans
Clients on the Full and Enhanced review levels will have the GitHub pull request workflow enabled. This protects the master branch from merges that VIP has not reviewed. Pull requests against the master branch will surface in a queue for manual review by VIP engineers. VIP does not manually review third-party code on PRs in repos on the Enhanced review level.
If the changeset is larger than 1000 lines of code (PHP, JS, and SVG), it will need to be scheduled for a review. We recommend keeping PRs small by breaking them down into atomic commits.
For clients without manual review, we also recommend following a pull request workflow, although these PRs will not surface in the VIP review queue. PRs on any branch in a VIP repo will trigger the VIP code analysis bot to provide automated feedback.