VIP’s priority is to ensure that your site is reliable, which means we care about its performance and security. Code review is a key component of ensuring your site is secure and performance. We offer both automated checks and manual reviews to clients:
- Manual Code Review: A developer will read every line of your code, including themes and custom plugins.
- Automated scan: Even if you don’t receive manual review, your entire code base will be automatically scanned with VIP’s PHP CodeSniffer (PHPCS) standard with an initial report sent to your developers. VIP will answer any questions about specific errors or warnings if the client wishes to refactor the code.
The first step begins with us scheduling an initial code review of the entire code base. After that has completed, you will continue receiving this type of feedback on pull requests with the label “[VIP] Review Request” to your GitHub repository.
Initial review #
Allow for 10-15 business days in your project timeline to complete the first and subsequent review cycles. Please note, exact timeframes can vary depending on various factors, please ask your Technical Account Manager for more details. Before you submit your code for review, ensure it’s been thoroughly tested, scanned using PHPCS with the
WordPress-VIP-Go ruleset, and as many errors and warnings as possible have been addressed.
Ongoing review #
After the initial review, clients with Application Support will have a GitHub pull request workflow enabled. For clients without manual review, we recommend following a similar workflow to enable the VIP code analysis bot to provide automated feedback.
We take code review seriously and understand that there may be many questions along the way. If you need assistance, please open a ticket and we’d be happy to provide guidance.