
Can we automate code-review? Yes we can

Arpit Vasani


What is code-review?

After you submit a pull request, someone from the senior development team reviews (and maybe tests) your code before it is merged into the development or master branch.

Code review helps us catch mistakes before they reach the master code base or get published to a production site. Those mistakes can be programming mistakes or business-logic mistakes. For programming mistakes there are tools that can enforce best practices; for business logic we need a person who understands the flow of the system. The second kind can't be automated (at the moment).

Why would you want to automate it?


There are lots of reasons to automate your tasks, such as the following.

  • More free time at work 😉
  • It frees you to focus on more pressing problems
  • Consistency: a tool applies the same rules to every line of every PR, which a tired human reviewer won't
  • A repeatable gate that keeps known classes of buggy code out of production (it only catches what its rules describe, so it complements a human reviewer rather than replacing one)
  • ...and much more

We are not completely removing human intervention from the code review process. Rather, the tooling lends a helping hand to the senior developer (or code reviewer) doing the review.

How can you automate it?

In this tutorial we will be using SonarQube. SonarQube is a code quality checker that you host yourself; it has a built-in web interface that shows bugs, vulnerabilities and code smells. You download it and install it on a machine on your LAN. On top of that there is a Community Edition of SonarQube which is free and open source. Yay!!

SonarCloud is the hosted version of the same service, and it's free for public repos, so that is what we are going to use.

For demo purposes I will be using this repo, https://github.com/vasani-arpit/sonarcloud-tutorial, which has some intentional mistakes.


  1. Go to SonarCloud and sign in with GitHub.
  2. After authentication is done, click the ➕ at the top and select "Analyze new project".
  3. Next, import your GitHub repo using the "Choose an organization on GitHub" button.
  4. Click "Bind to an existing SonarCloud organization" and then the "Bind Organization" button.
  5. Select/check the repo you want to analyze from the list and click "Set up".
  6. Now go back to your repo, add a file at the root level with the following content and save it as .sonarcloud.properties:

    # Path to sources

  7. Push your commit. SonarCloud will automatically pick up your code and start analyzing the repo.
  8. Once the analysis is complete you should see something like the following:

    (Screenshot: SonarCloud project overview)

    It is a public project; you can see it on https://sonarcloud.io/dashboard?id=vasani-arpit_sonarcloud-tutorial as well.
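Step 6 above shows only the first comment line of the file. Here is a complete .sonarcloud.properties as an added example (it is not the file from the sonarcloud-tutorial repo). The keys are the ones SonarCloud's automatic analysis reads from this file; the paths (src, test, node_modules, a generated directory) are assumptions for a typical small project and should be adjusted to your own layout. Keeping vendored and generated code out of sonar.sources matters in practice: otherwise the dashboard fills with findings in code you don't own and the real ones get buried.

```properties
# .sonarcloud.properties (added example; paths are assumed, adjust to your repo)

# Path to sources: the code you actually want reviewed
sonar.sources=src
# Don't analyze vendored dependencies or generated files
sonar.exclusions=node_modules/**,dist/**,**/*.min.js

# Path to tests: analyzed with test rules instead of production rules
sonar.tests=test
sonar.test.inclusions=**/*.test.js,**/*.spec.js

# Source encoding, so non-ASCII literals are read correctly
sonar.sourceEncoding=UTF-8

# Exclusions for copy-paste (duplication) detection
sonar.cpd.exclusions=test/**
```

Once this file is committed, every push to the bound repository triggers a new analysis; there is nothing to install in the repo itself.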

It says there is one bug. Let's see what that is.

(Screenshot: SonarCloud bug overview)

As you can see, the if and else blocks of the code are the same, so Sonar suggests removing the condition because there is no point in having it. It also estimates how much time it will take to resolve this bug (the estimate comes from a per-rule remediation function, so treat it as a rough guide rather than a measurement). So next time you have an existing project to refactor, pass it through SonarCloud and you can quote the effort needed for the refactor, and your PM won't ask you every day for an update. 😜

This is something my IDE/compiler won't catch, because it only checks syntax and types: code that is valid, runs, and does the same thing on both branches needs a static analyzer that looks at the structure of the program.
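To make the finding concrete, here is an added example in JavaScript (constructed for this page; it is not the code from the sonarcloud-tutorial repo, and the function and order fields are made up). It shows the pattern SonarCloud flagged, identical if/else branches, beside the two ways to fix it. The important point for a reviewer is that identical branches are rarely harmless: they usually mean a copy-paste where one branch was supposed to be edited, so the right fix is often to restore the intended difference, not just to delete the condition.

```javascript
// Added example (not from the original page or repo). A shipping-cost
// calculation where the `express` branch was meant to charge more, but a
// copy-paste left both branches identical. The compiler is happy with this:
// it is valid, type-correct and runs without error.

// BEFORE: both branches of the conditional have the same implementation.
function shippingCostBefore(order) {
  if (order.express) {
    return order.weightKg * 2.5;
  } else {
    return order.weightKg * 2.5;
  }
}

// AFTER, option 1: the duplication was the real bug. Restore the intended
// difference so the condition earns its place (rates are assumed values).
function shippingCostFixed(order) {
  const ratePerKg = order.express ? 4.0 : 2.5;
  return order.weightKg * ratePerKg;
}

// AFTER, option 2: the condition really was meaningless. Drop it, which is
// the change the analyzer literally suggests.
function shippingCostSimplified(order) {
  return order.weightKg * 2.5;
}

// A small check a reviewer can run on any of the variants: if flipping the
// flag never changes the result, the conditional is dead and worth a look.
function conditionHasEffect(costFn, order) {
  const withFlag = costFn({ ...order, express: true });
  const withoutFlag = costFn({ ...order, express: false });
  return withFlag !== withoutFlag;
}
```

Run it against a constructed order such as `{ weightKg: 4, express: true }`: `conditionHasEffect(shippingCostBefore, ...)` is false, which is exactly the situation the dashboard reported, while the fixed version returns true because express orders now cost more.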


By partially automating the code-review task you catch things a human eye would miss. If you like pair programming, then SonarQube/SonarCloud can be your pair reviewer. 😀

On a serious note, if you are in a domain or organization in which you can't put your code on the cloud, then you can set up SonarQube (instead of SonarCloud) on your own machine and automate your PR reviews the same way.


Arpit Vasani


Life long student. UI/UX and mobile app developer



Great article, even if "automating code-reviews" is a bold statement.

For me, stuff like code quality checks or using the correct coding conventions is more part of the CI process than of the actual code review.
However, things like that should absolutely be automated, because nobody wants to spend precious developer resources on things that can easily be automated ;-)



Yes. It is just quality checks and a CI process.

And for the title, I had to come up with something newbie-friendly 🤷‍♂️


Static code analysis (e.g. SonarQube, Checkstyle, SpotBugs, PVS-Studio, linters, ...) is not the same as code review. If it is, then you are doing code review wrong.
In a code review you review whether the code does what it is meant to do, in a proper way. Unless you have formal specifications and model checkers it is not something you can automate. That's why we still do it by hand (besides the fact that you also learn by reading code).