The Use of Automated Code Review in Security-Focused Software Projects

Date

2024

Publisher

Saudi Digital Library

Abstract

This research into automated and manual code checking in security and non-security projects sought to understand the level of usage of each form of code checking, using a sample of repositories on GitHub. The role of automated tools in security-focused projects versus non-security ones has not been fully explored. Evaluating the use of both automated and manual code checking in a sample of GitHub repositories found that automated code checking tools dominate in security projects, compared with low use in non-security projects. Security issues identified in non-security projects tended to be ignored. It takes longer for the issues that have been identified in non-security projects to be addressed. The fast response times for security projects indicate that developers are seeking to respond faster to identified issues, and therefore automated code reviews can provide the rapid and immediate identification of issues. This is seen as the reason why automated code checking has been adopted more rapidly for security projects than for non-security projects.

Description

Peace be upon you. The reason for the rejection is unclear, and I believe my research complies with the rules and mechanisms on which the Saudi Digital Library, which supports talent, was built. Before taking any action, please review the grade transcript, which shows what supports my research study and that it meets the terms and conditions.

Keywords

automated and manual code, non-security projects, manual code checking in security, manual code review, repositories

Citation

Alsaqer, A. (2024). Qualitative and quantitative analysis of automated code review platforms (Master’s thesis, Queensland University of Technology). Queensland University of Technology.

Copyright owned by the Saudi Digital Library (SDL) © 2025