Volo Code Audit
SmartLogic provided a technical evaluation to help Volo assess a code base in advance of a possible acquisition.
As of early 2019, Volo's tech stack included a key piece of software which was developed and maintained by a third party. As Volo was growing, they were considering an acquisition to bring that key piece of software in house.
Volo's tech strategy involves maintaining a lean internal tech team and working with technology experts like SmartLogic. They partnered with SmartLogic to get a thorough tech audit of the code base before moving forward with the acquisition.
Auditing the Code Base
For this code base audit, our team reviewed the web application, mobile application and server, assessing overall code quality, documentation, and automated software testing. Our review process included developer and stakeholder interviews as well as source code review.
For each component of the code base, we outlined our findings and delivered them in a formal report at the end of the project. The review criteria we used in this assessment included the following:
The overall quality of the app is reflected in how well it adheres to commonly accepted best practice coding standards. These standards include:
- Is the code easily understood?
- Is the code modular?
- How much of the code is intentionally unused (commented out) vs being removed from the codebase?
- Are variable names appropriate and descriptive?
- Have consistent formatting and syntax checks (linting) been applied to the code?
The documentation refers to the explanation of the code. Typically there are "docs" available for a codebase. In some cases, the availability of "docs" is unknown. In those cases, we will evaluate the documentation using the following:
- Are there comments throughout the code? If so, are they descriptive and useful?
- Are unusual behaviors or known errors documented throughout the code?
- Are third-party configurations or atypical data structures explained?
- Are there notes for code that is incomplete or that is known not to work correctly?
Automated testing is conducted to determine if the app responds to certain conditions as expected. We considered the following to decide if adequate testing was in place for the application:
- Is the code testable as it is currently written and structured? If so, how much code will need to be tested?
- Is a test suite in place for the existing code base?
- If so, are the tests comprehensive?
- Are the tests unique to the application? Could the tests be reused for other applications?
Our final report also included highlights regarding evaluation constraints, our overall opinion of the components, and important notes for future development, including possible scale constraints, technical debt, and recommendations for future refactoring.
A Successful Audit and Acquisition
After conducting our review, we were able to enthusiastically recommend continuing to use and develop the piece of software under consideration. Volo moved forward with the acquisition and brought the software in-house; the audit provided them with a clear-eyed view into the state of the application and has informed subsequent development.
Code audits are a great way to get insight into a code base before an acquisition or round of funding; they can range from a relatively light-weight review like the one we did for Volo, to a more robust deep dive including an advanced security review, assessment of codebase brittleness, backlog estimation, development workflows and team structure.
Subsequent to the code audit, our team has continued to work with Volo on targeted development projects; you can read more about our recent work in the VoloPass case study.