Let’s learn about the 10 best code review tools in 2023, and which features stand out for each of the code review tools. While following code review best practices make code reviews easier, choosing the right tool for the job is as important. By looking at the pros and cons of each tool, I, therefore, help you decide which code review tool is the best for you. Finally, I give you a glimpse into new and upcoming code review tools, that can nicely complement the review functionality of code review tools such as GitHub or GitLab.
Here is what awaits you.
- 10 Best Code Review Tools
- Other emerging code review tools
- Frequently Asked Questions (FAQ) about code review tools
10 Best Code Review Tools
The list of code review tools is based on the popularity of the tools. In addition, I’ll highlight a few new code review tools that will change how we do code reviews today.
GitHub is a cloud-based repository hosting and management platform that allows developers to collaborate effectively.
It has a built-in code review tool that code authors use to seek feedback from reviewers. This allows a seamless review process within GitHub when developers introduce new changes to code.
GitHub’s code review tool lets developers initiate and respond to reviews in simple steps. After creating a pull request, the author assigns one or more reviewers. GitHub allows the author to describe the code changes and areas on which the reviewer should focus. Then, reviewers can comment, approve or request further changes from the author.
While GitHub lacks native automated code check features, it integrates with external ones to provide a more extensive review experience. For example, you can automate code review on GitHub with Codiga, which checks the code for style, design, and best practices. Codiga then provides detailed error descriptions that let you hone in on the problematic code.
GitHub also provides a code scanner, CodeQL, that helps developers identify vulnerabilities. Developers can also use GitHub Actions to enable CI/CD workflow and third-party integrations natively on GitHub. Recently, GitHub also added a new feature which enables required workflows to be run and passed during CI/CD. Alternatively, developers integrate external code scanners to set up a robust CI/CD pipeline that runs extensive tests and automatically merges the changes upon success.
Despite the attractive advantages, GitHub is not the best code review tool when working with large repositories. For example, GitHub strictly recommends keeping the size of a repository below 5GB, while Gerrit has no problem managing a 1TB repository. In such cases, Gerrit is the better option. GitHub also proved hard to navigate code reviews when comment threads are large, or when there are many or large files. The need of expanding and collapsing comments, as well as diff-views of files, is time-consuming and annoying and often leads to overlooking issues.
GitHub has a free plan for individual users, offering yearly teams subscription from $44 per user. GitHub is cloud-based but also deployable on-premise with GitHub Enterprise Server.
- GitHub has a large, very lively marketplace and provides many add-ons to enhance code review.
- It allows teams to set review policies, including setting permissions and automatically assigning reviewers from teammates.
- Code review is a straightforward process in the GitHub environment.
- It offers detailed oversight of changes in code files.
- GitHub’s threaded comments allow teams to follow up and revisit past reviews easily.
- It enables CI/CD workflow with GitHub Actions and vulnerability scans.
- GitHub lacks stability when supporting review workflow involving large or multiple files and comments.
- Reviews with many files, or large files also require the reviewer to collapse and expand files, complicating the review process.
- It is limited to Git repositories.
- Resolving merge conflicts using the web interface is tedious and error-prone.
Like GitHub, GitLab is a Git-only repository platform that lets teams collaborate remotely, and also offers a built-in code review tool. It offers developers free private repositories, an attractive feature for those with security concerns about publicly-accessible ones. However, GitLab operates with very different principles and features than its major rival. GitLab prioritizes stability and is built around a comprehensive CI/CD pipeline, while GitHub focuses on speed.
When making code changes on GitLab, the platform creates separate stable branches beyond the master branch. This allows QA teams to run multi-step testing on the branches. Meanwhile, GitHub merges changes directly to the master branch while allowing developers to roll back the changes quickly.
GitLab also offers flexibility when setting up the code review requirements. You can specify the number of approvals needed for each request and determine qualified reviewers to grant such approvals. For example, you can prevent users who made commits from approving code reviews.
In 2021, GitLab introduced a new ‘Reviewers’ role alongside the existing ‘Assignees’ to better differentiate participant roles in the review stages. Assignees are developers directly accountable for the merging, while Reviewers are partially involved in the process. Now, GitLab allows you to submit merge requests directly from Visual Studio Code instead of switching to GitLab’s browser-based dashboard.
Thanks to its CI/CD-first orientation, you can run automated test scripts to reduce review time. Moreover, GitLab allows you to carry out various code analyses, including static application security testing (SAST), dynamic application security testing (DAST), and dependency tests. It also provides an extensive vulnerability report.
GitLab is an open-source platform that runs on the cloud but is also installable on on-premise servers. You can use GitLab free, with optional advanced features starting from $19/month.
- GitLab has a powerful integrative CI/CD pipeline and supports vulnerability scans.
- It is deployable on cloud and private servers, even without purchasing an enterprise plan.
- Gitlab allows teams to set flexible review policies with varying permissions for code owners and teammates.
- GitLab’s private repositories ensure a more secure development workspace.
- Some features that you need to install as third-party tooling on GitHub, are already build-in using GitLab.
- It’s available as an extension for Visual Studio Code, allowing developers to not only commit changes (which is also supported by GitHub), but also to review code within the IDE.
- Premium subscriptions are expensive.
- Integration with 3rd party tools can be complicated.
3. Azure DevOps
Azure DevOps is a web-based CI/CD pipeline offering versatile and disciplined code review practices. While Azure DevOps’ workflow resembles those of GitHub and GitLab, it allows developers to be more rigorous when reviewing codes. For example, you can set branch policies to specify minimum reviewers for each request. This differs from GitHub, where you configure code review settings on the team’s level.
With Azure DevOps, developers can make linked work items or comment resolutions as part of the approval prerequisites. This allows them to ensure each approval is supported by related user stories, product backlog items or issues for traceability.
Before using the code reviewer, you must define each participant’s roles, security level and permissions. Learning to enable or disable certain policies might be tricky for new Azure DevOps users. But once it’s done, commenting and tagging reviewers in feedback is straightforward.
Being a comprehensive CI/CD solution, Azure DevOps provides vast integrations with various apps in its marketplace. For example, developers can use Sonar Cloud or Ado Security Scanner for automated vulnerability analysis and code quality checks. Azure DevOps is also available as a plugin for IntelliJ IDEA, Eclipse, and Xcode, but the extension doesn’t support in-IDE code review. Likewise, users of Visual Studio and VS Code can connect to Azure DevOps services via an extension.
Azure DevOps is not an open-source project. It runs on the cloud but is deployable on private servers with Azure DevOps Server. Signing up for its Basic Plan is free for the first 5 users and costs $6 per user monthly after that.
Azure DevOps’ Pros
- Decent options for integrations on the marketplace, including SonarCloud, Ado Security Scanner and Beagle Security.
- Available on the public cloud and installable on private servers.
- It supports diverse types of repositories, including Azure Repos Git, GitHub, BitBucket.
- IDE extension allows developers to launch pull requests from IntelliJ IDE, Eclipse, Xcode, Visual Studio and VS Code
- Allows developers to set up detailed and strict code review policies.
Azure DevOps’ Cons
- Setting up is not straightforward.
- It needs more integrations with 3rd party vendors.
Also, Bitbucket offers a built-in code review tool that works very similarly to GitHub’s, GitLab’s and Azure DevOps’s code review tools.
It automatically integrates test results and security scans into the pull request view. It allows to specify code review policies with conditions, thus ensuring each pull request is inspected consistently. For example, Bitbucket allows you to enforce a minimum number of required reviewers, or that the build must pass without warnings.
Especially the UI differs from the other code review offerings of repository system platforms. While GitHub and GitLab make heavy use of tabs, Bitbucket prides itself to show all necessary information within one page.
Another nice feature Bitbucket’s code review tool offers is to create tasks out of code review comments. This is a good feature whenever code review reveals feedback that isn’t going to be worked on during this pull request but should be captured for later.
- Great enterprise solution offering nice code review features
- Integrates well with widely used tools such as Jira
- Better code review UI for most use cases
- No free plan
- Harder to review commit-based
Crucible is one of the best Code review tools that support diverse types of code versioning systems. Besides Git, the web-based code reviewer integrates with BitBucket Server, Mercurial, CVS, Subversion and Perforce. It also works with other popular services, such as Jira, GitHub and BitBucket.
Crucible provides well-defined roles that assign developers as an author, a reviewer or a moderator, where each role has different or overlapping permissions in the code review tool workflow. What impresses me is Crucible’s reviewer selection feature, which suggests reviewers based on their contributions to the code files.
The commenting workflow is quite different than in the previously discussed tools. Crucible, for example, also allows reviewers to flag a comment as a defect, or to require changes. Further, comments can be added as drafts, which is helpful in order to give the reviewer the ability to reflect on their feedback, or to make changes to the comments as they learn more about the code that they are reviewing.
However, Crucible lacks a strict rule-setting ability for enforcing strict approval requirements. With Crucible, the author manually closes the review without stringent automated checks. Code authors use a separate add-on to grant approval after all mandatory reviewers review the changes. In this respect, GitLab, GitHub, and Azure DevOps are the better alternatives because of the preset rules.
As part of the Atlassian ecosystem, Crucible users can use apps in the marketplace to enhance the code review workflow. For example, enabling FishEye integration allows threaded changeset discussions amongst reviewers. Alternatively, you can use Crucible’s REST API to create a custom integration.
Despite its flexibility, Crucible’s drawback lies in its performance degradation when file revisions exceed 800 - which should hopefully never be the case. As a workaround, Crucible recommends that developers split the review into multiple ones to prevent data indexing issues.
Crucible is neither open source nor free. Built for private servers, Crucible charges a one-time payment that starts from $10 with up to 5 users.
- Crucible supports different types of repositories.
- It offers flexible integration options via the Atlassian marketplace or REST API.
- You can create pre-commit reviews from IntelliJ IDEA by using the Atlassian IDE Connector.
- It indicates how much time the reviewers took reviewing your codes.
- Crucible’s inline discussion allows seamless conversations to take place on the source code.
- It doesn’t offer free plans.
- Crucible’s performance degrades when developers make substantial revisions.
CodeStream offers a different approach to code review. Unlike its more established competitors, CodeStream allows developers to request a review anytime from their IDEs without committing changes. This encourages discussions and problem-solving activities early on in coding.
Recently acquired by New Relic, CodeStream supports 11 popular IDEs, including VS Code, Visual Studio, and Jetbrains. It handles pull requests from GitHub, BitBucket and GitLab. CodeStream also integrates with other services, such as Jira, Slack and Pixie, to streamline code review with issue trackers and real-time messaging tools.
Once installed, CodeStream allows developers to raise a review request from any part of their code files with a sleek dialogue box. Reviewers then comment, approve or request changes from their IDE. They can also determine who is permitted to leave reviews.
While reviewing, reviewers can view the entire code tree and leave feedback on other parts of the source code. This is in vast contrast with the other tools that allow reviewers to only see code that has been changed. It’s also possible to start a discussion with CodeStream without launching a formal code review.
Another aspect that distinguished CodeStream from its competitors is the way in how it treats feedback. If a reviewer leaves a comment, this comment becomes a ‘codemark’, which will live on with the code. This way, the comments developers left about code are always visible within your IDE and are not bound to a certain code review.
CodeStream has yet to support code scanning or automated testing scripts. As a cloud-based code reviewer, CodeStream does not offer to be installed on-premise, but compensates this by enforcing cloud security with measures like encryption, VPN, and network packet filters. It uses commit IDs instead of transmitting source code across the network.
CodeStream has free, open-source extensions for VS Code, Visual Studio and JetBrains. It is also available without additional fees to New Relic subscribers.
- CodeStream allows discussion/review without leaving the IDE
- It’s free.
- It has a simple configuration for assigning reviewer permissions.
- CodeStream applies robust security features, such as encrypting data on your machine and those stored on its server to create a secure code review environment.
- Integration with issue trackers, observability, and communication tools.
- It is not deployable on private servers.
- Lacks integrations for automated code testing and vulnerability scans.
- The ability to implement certain code review policies is limited.
7. Review Board
Review Board is a standalone code review tool with hosting options. Developers can install the tool on local machines or subscribe to the cloud-based version. Either way, they get a review tool that supports almost every commonly-used repository. The list includes Azure DevOps, Bazaar, Cliosoft SOS, CVS, Git, HCL VersionVault, IBM Rational Clear Case, Mercurial, Perforce, and Subversion.
With Review Board, developers can ask for reviews without opening a pull request. Code authors publish review requests, which alert the assigned reviewers on their dashboard. The reviewers scroll through the review summaries and access those code reviews that require their feedback. Once resolved, the author commits the changes to the repository.
The tool’s workflow is quite standard, but you can augment it with available automation tools. Review Board allows integration with static analysis tools, style checkers and CI/CD platforms. It also enables streamlining the review workflow with Slack, Asana, Jenkin, Trello and other services.
Review Board appeals with its bright colored panels, well-spaced text and CLI for advanced programmers. Yet, its UI has a touch of an “old-school-open-source” system.
Another nice feature of Review Board is that it allows reviewing not only code, but also PDFs, documentation, and graphics, all in one place.
It’s free and open-source, but the hosting option starts at $29 per month.
Review Board’s Pros
- Review Board supports automated code review and CI integration.
- A free version is available.
- Review Bots allow developers to run partially automated code reviews.
- It shows diff views along the review requests in a simple interface.
- Supports 3rd party integrations.
Review Board’s Cons
- It does not integrate with any IDE.
- Diff might not accurately display the changes when part of the code was moved.
- UI looks old-school.
Gerrit is the best code review tool for projects with large repositories, and it overcomes the limitations that GitHub struggles with. Instead of creating multiple branches from the main branch for each pull request, Gerrit creates individual commits that are reviewed separately. In other words, you can merge multiple pull requests with GitHub, but Gerrit limits each merge to one commit. The approach proves viable when Android developers use Gerrit to review the OS and manage thousands of daily commits.
Like GitHub, Gerrit is exclusive for Git repositories. Gerrit acts like a Git Server and can be deployed on a public or private cloud. While it’s engineered for efficiency, Gerrit lacks the intuitive UI that GitHub does. Its dashboard features panels and controls that support a functional code review tool workflow.
To request code review, developers use the CLI to push code changes to Gerrit and the web interface to leave feedback. Gerrit allows reviewers to vote and approve the results instead of setting rigorous code review policies. By selecting from a score of -2 to +2, the reviewer indicates approval or request for further changes. Once approved, a human verifier validates the result. Then, the author merges the changes with the master branch.
Gerrit is free, open source and works with Eclipse-based IDEs and IntelliJ IDEA. Besides being a robust code reviewer, it also integrates with plugins to provide analytics, event listeners, issue tracking and other useful functions. Furthermore, Gerrit has a REST-like API that enables customized automation.
- Gerrit is free.
- It can be hosted on public and private clouds.
- Available as plugins and enable commenting in Eclipse and IntelliJ IDEA.
- Ideal for projects with large repositories.
- Gerrit has a simple voting system to approve or reject code changes.
- Gerrit is not as intuitive as other code review tools.
- Lacks integration opinion with 3rd party services.
9. Jetbrains Space
Jetbrains Space is a new, comprehensive CI/CD platform that supports frictionless software development. Its internal code review tool succeeds Upsource, a popular solution amongst Jetbrains users. Space deploys on Docker containers, making it an ideal code review tool for private and public clouds. It works with Git repositories created within the project or migrated from external sources.
Space allows developers to start a review request on any JetBrains IDE, including IntelliJ IDEA, PhyCharm, Fleet, or PhpStorm. Developers create merge requests, provide comments and approve changes without leaving the IDEs. With Space, developers can enforce stricter control when merging changes. They set merge request rules to ensure several conditions are met for approval through quality gates. For example, allowing merges only if a specific number of code owners approves the changes and all automated jobs are completed.
To address growing project complexities, Space introduced Safe Merge, creating a temporary commit branch. This allows code authors to implement and validate feedback before merging them with the main branch.
Space offers various automation tools, issue trackers and other project management features to streamline code review. It also integrates with popular third-party collaboration apps. Space’s chat-like review conversations allow developers to track and manage changes easily.
Space’s mobile app further differentiates itself from competitors by enabling responsive code reviews on the go. Signing up is free and premium plans start from $8 per user monthly.
- Space offers intuitive features with a modern interface.
- Allows the review code on a mobile device.
- It has extensive built-in automation services and 3rd-party integrations.
- Works with all Jetbrains IDE, allowing developers to review codes in the editor.
- Deployable on cloud and on-premise servers.
- It offers an intuitive user interface that lets teams manage code changes and review efficiently.
- Space’s premium plan is relatively expensive.
- Extensive features might be overwhelming for new users.
10. Review Assistant plug-in Visual Studio
Review Assistant from Devart Software is a code review plugin for Visual Studio and is also available as a standalone tool. By installing the plugin, developers can request code reviews without leaving the editor. It supports a rather extensive range of version control systems, including Team Foundation Server (TFS), Azure DevOps, Subversion (SVN), Git, Mercurial (Hg), and Perforce.
Whether you’re practicing rigid or flexible code review workflow, Review Assistant allows you to configure the rules accordingly. In stricter reviews, you can appoint a moderator to coordinate the discussions. Meanwhile, code authors can request a review without specifying the reviewers in more lenient environments. This allows any team members to contribute to the conversations, which appeals to Agile teams.
While Review Assistant offers a coordinated review workflow, it’s also possible to start a discussion by commenting on any part of the code files. The plugin captures all review activities and makes them available in reports. Despite its flexibility, Review Assistant has limited integration, with MSBuild and Jenkins making up the few options.
Review Assistant is free for up to 3 users. Then, teams pay $349.95 per year for up to 10 users.
Review Assistant’s Pros
- The plugin allows flexible code review, enabling teams to work without conventional restrictions.
- Code authors can complete the review cycle without leaving Visual Studio IDE.
- Review Assistant is available as a standalone code review tool.
- It supports various version control systems.
- Threaded comments allow developers to start a discussion or comment on any part of the code.
Review Assistant’s Cons
- It has limited automation options.
- Developers can’t reorder or filter the comments.
- The integration only works with Visual Studio.
Other emerging code review tools
As software development practices evolve, more tools enter the marketplace to optimize code review processes. Here are notable mentions, but remember those are cutting-edge, so they also might be a bit experimental:
- Reviewpad: This code review tool is your code review management assistant: it surfaces important information about your PR, like size, risk-profile and contributor, and helps drive the review process based on these characteristics.
- WhatTheDiff: This is like ChatGPT, but for your code reviews. An AI-powered tool to automatically analyze and describe changes in pull requests. A must-have to make the code review best practice of good code review description a reality.
- Plz.review: This code review tool that aims to better GitHub’s review comment experience. For example, it allows reviewers to comment freely on other parts of the diff. It also allows for stacked pull requests.
- GitHub Copilot: This is not exactly a code reviewer but an AI assistant that predicts and helps developers write codes. It’s your AI pair programmer, yet it also explains code, which makes it a great code review assistant.
- AWS CodeGuru: AWS’s code reviewer uses machine learning to identify vulnerabilities and provides code quality recommendations.
- Reviewable.io: This tool allows programmers to create discussion-like reviews on GitHub and GitHub Enterprise environments.
- Softagram: Developers use Softagram to visualize and forecast the impact of code changes.
You still do not have enough? Have a look at my GitHub repository, where I keep track of code review tools.
Frequently Asked Questions (FAQ) about code review tools
When you learn about code review tools, you might have some additional questions, like why should you do code reviews, or how to choose the right tool. Let’s clarify your questions:
Why is code review important?
Code review allows software developers to identify bugs, vulnerabilities and bad coding practices that can’t be picked up by compiler and build tools. When left unchecked, such bad source code often manifest itself in production.
By practicing code review, you receive timely feedback from your team members on issues that escape your attention. This is helpful because we, software developers, might be blindsided in certain coding stages despite our best effort. Read more about code reviews in this code review 101 article.
Why should you use a code review tool?
In a nutshell, code reviews are conversations that help you identify code issues and improve software quality. Yet, without proper code review tooling, bottlenecks such as manual note-taking and email exchanges limit the process. As a result, software developers found themselves overwhelmed by non-coordinated feedback and costly delays.
Luckily, today, developers have access to modern review tools that allow them to spend less time seeking reviews and leaving constructive feedback. Instead of exchanging dozens of emails, code review tools ensure the entire code review process is transparent, well-coordinated and observable. That way, you can spare more time working on new features instead of manually sending and tracking unresolved review requests.
Code review tools are a great way to ensure code reviews are done systematically. They allow for reviews to take place asynchronously. Feedback and changes are documented and can be traced, tracked and saved so that you can always come back to see why certain changes have been implemented or what your thought process or decision was at that time.
How to choose a code review tool?
Which code review tool is the best for your team depends on your requirements.
Teams that prioritize CI/CD automation might opt for GitLab or Jetbrains Space, which are built with integrations in mind. Meanwhile, CodeStream and Review Assistant allows you to request feedback from your teammates without leaving the IDE.
Version control systems that the tool supports are equally important. For example, GitHub and GitLab work exclusively with Git repositories. If you manage code with SVN, you need tools like Crucible or Review Board.
Some developers prefer cloud-based code review solutions that allow them to leave comments remotely. Others require tools that can be deployed on private servers.
Code scanners and automated testing are desirable features to prevent code exploits. Tools like GitLab and Azure Devop provide vulnerability scanners to help address security issues early on.
Finally, more and more people write and develop code while they are on the go. While online solutions such as GitHub and GitLab allow one to view the repository and even to leave comments in a mobile browser, the experience is far from good. Space, on the other hand, has a dedicated mobile code review app that makes reviewing on the go easy.