Guidebook: Developing with VIP

Code review

VIP’s priority is to ensure that your site is there when you need it, which means we care about its performance and security. Code review is a key component of ensuring your site is secure and performant.

VIP’s code review focuses on the performance and security considerations in PHP, custom JavaScript, and SVG files. We do not review HTML, CSS, SASS, many popular third-party JavaScript libraries, or built JavaScript files.

When you open a Pull Request (PR) for your codebase in GitHub, we offer both automated scans and manual reviews to our customers.

This process is the same for both your initial codebase review and ongoing PR reviews.

  1. Automated scans: When you open a PR in GitHub, your entire codebase will be automatically scanned against VIP Coding Standards by the VIP Code Analysis bot. If you have questions about how to address specific errors or warnings, you can open a Zendesk ticket with our team.
  2. Manual code review: For clients with Application Support, you may request specific developer feedback on your code (including themes and custom plugins) by adding the “[VIP] Review Request” label to your PR in master. Before adding the label, ensure that you’ve addressed as many errors and warnings from the automated scan as possible. If the changeset is larger than 1000 lines of code, it will need to be scheduled for a review. Where possible, we recommend keeping PRs small by breaking them down into atomic commits. Please allow for 10-15 business days in your project timeline to complete the first and subsequent review cycles.

We also encourage you to run the PHP_CodeSniffer tool in your local development environment or code editor, allowing you to fix errors as you code and develop to VIP best practices.
