-
Sub-task
-
Resolution: Unresolved
-
Major
A human may need to perform a code review, looking directly at the code, to find issues.
- Follow the organization’s policies or guidelines for when code reviews should be performed and how they should be conducted. This may include third-party code and reusable code modules written in-house.
- Perform peer review of code, and review any existing code review, analysis, or testing results as part of the peer review.
- Use peer reviews to check code for backdoors and other malicious content.
- Have the developer review their own human-readable code to complement (not replace) code review performed by other people or tools.
- Use review checklists to verify that the code complies with the requirements.
- Identify and document the root cause of each discovered issue.
- Document lessons learned from code review and analysis in a knowledge base that developers can access and search.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/amq-clients/tasks/phase/specifications/141-T2348/
Training Modules
Defending TypeScript
Defending Node.js