Ongoing code review and automated scans
Clients on Application Support will have the GitHub pull request workflow enabled. Pull requests against the master branch with the [VIP] Review Request label will be surfaced in a queue for manual review by VIP.
If the changeset is larger than 1000 lines of code (PHP, JS, and SVG), it will need to be scheduled for a review. However, we recommend keeping PRs small by breaking them down into atomic commits.
For clients without Application Support, we also recommend following a pull request workflow — although these PRs will not surface in the VIP review queue. PRs on any branch in a VIP repo will trigger the VIP code analysis bot to provide automated feedback.