Create "Software Review (for reviewers)" Episode
Audience: Person performing the review
Topics:
- Cover what these types of reviews are: Administrative, Domain, Code
- Admin (security) review: need to make sure the entire history of the project is free of any potential security or privacy violations; it is easier to do this along the way rather than reviewing every single change/commit. For example, a merge request is reviewed by people who are not authors of that specific code; they are only "authors" of the project generally, so this does not violate review practices.
- Technical code review: Quality of code, good code complexity, etc. You can do this at the end state or do it incrementally
- Scientific (domain) review: Can also be incremental or end state; end state just needs to satisfy scientific veracity requirements
- Policy is that these 3 topic areas need to be reviewed, but they don't have to be 3 separate, individual reviews; they can be done in a single review
- These reviews can be satisfied by your BAO by "sufficiently high quality software development practices". For example: CI/CD automation such as linting, unit tests, integration tests, cyclomatic complexity scoring. This can satisfy technical and scientific veracity reviews. But those practices have to be agreed upon with your approval official (Science Center Director). Can also say that the reviewer works with the output of the CI/CD to check that everything passed.
- Examples of how, logistically, to document the review (merge request, issues, Word doc, template, etc.)
- Include a resource on the CI review that it automatically goes through before approval (get from Eric); this is an advanced topic (optional)
Exercises:
- An exercise where they have to catch examples of red flags within code
Learning objectives for this episode:
- Explain the topics that need to be covered during review
- Conduct a software review
Questions for this episode:
- What are my responsibilities for performing a software review?
- How do I conduct a software review?
Edited by Haider, Saira Mumtaz