Code review checklists make code reviews more systematic and help detect more issues. They also help teams to perform code reviews more consistently among team members.
Yet, there is no one-size-fits-all code review checklist. Instead, the best code review checklist is specific to your technology, your domain, and what you want to check the code for. This means it’s best to tailor code review checklists to your needs.
In the remainder of this article, you will find code review checklists that focus on different areas, like security or accessibility, or different technologies, such as Java or C. You can use these example checklists for inspiration and derive your own from them.
General Code Review Checklists
- General Code Review Checklist: This list covers all relevant aspects, from implementation to readability and security.
- Short Code Review Checklist by Suremder Reddy Gutha: A short code review list with a nice visualization.
Company Code Review Checklists
Security Related Code Review Checklists
- Security-focused code review checklist: A well-balanced code review checklist that covers all relevant topics of the OWASP Top 10, such as input validation, authorization or session management.
- OWASP Web Application Security Testing Checklist: A web application checklist by OWASP.
- Security Audit Checklist: Code Perspective from University of Washington: General tips from two perspectives: programmer and attacker. Also includes tips specific to Ruby/Java/JSP/PHP.
- Secure Code Review Checklist: Modelled after OWASP.
Java Code Review Checklists
- 30+ items for Reviewing Java Code: A checklist with concrete examples, covering aspects relevant to object-oriented programming.
- Java Code Review Checklist from DZone: Concrete list for Java.
- Java Concurrency Checklist: An in-depth resource dedicated to Java concurrency best practices.
C# Code Review Checklists
C++ Code Review Checklists
Python Code Review Checklists
Pull Request Checklist
- Frontend pull request checklist: This is a meta checklist that makes sure you have done all necessary checks before your frontend code goes through a pull request.