Code reviews not only improve code quality; in general they drive increased maintainability by
Code reviews also increase system effectiveness: knowing that code is going to be reviewed encourages the author to look it over first, and in having to explain it to a reviewer, problems that were missed before may become apparent. If something in the code is not immediately clear to the reviewer, this is a sign that a better name, an additional comment, or a refactoring is needed. In addition, a reviewer may spot vulnerabilities, subtle errors, unnecessary code and design flaws, including in nearby code.
Code reviews done by the entire team take a lot of everyone's time; as a result such reviews become few and far between, and only a small percentage of the code base gets reviewed. The “another person reviews changes before commit” approach usually works better, and with a dedicated reviewer it gives that reviewer (and, if communicated and documented well, the entire team) an impression of the development practices and architecture actually in use.
There are some warnings though:
Not perfect, but it is reported to have noticeably improved code quality in several projects if:
Let's make this fun and enjoyable! May the “magic” commence!
In some cases, depending on what the changes are, which tools the development environment contains, which language the code is written in and which analysis tools are available, tools can take over part of a manual review. In particular, source code security analysers examine source code to detect and report weaknesses that can lead to security vulnerabilities.