Contact us

Call Us on 1300 727 952
Find us

First Floor, 159 Victoria Pde
Collingwood, VIC 3066
(Google Map)

1300 727 952 
+61 3 9910 4099


Contact us


Code review

Optimise your site/module code to follow best practice to improve stability,  performance, security and maintainability. Salsa’s code review services take a deep dive into the code behind your site to ensure it’s optimised and follows Drupal/GovCMS best practice.

What is GovCMS?

GovCMS is a whole-of-government open source web content management system designed by government for government and hosted on a secure public cloud. Find out more about GovCMS

Why you might need a code review

There are many reasons you might need a code review, such as:

  • Maintenance liability: Your code is poorly constructed and difficult to maintain and/or extend/enhance.

  • Undocumented: Your site and the code behind it has been built without any documentation and you need to understand how it's built for: BAU management, security reviews and patching, or undertaking enhancements.

  • Developers have moved on: Your developers (in-house or external vendors) have left and you need someone to review and understand/document your code.

  • Poor performance: Your site is performing poorly and a code review will help you identify bottlenecks/issues/pain-points and plan step-by-step resolution(s).

  • Deprecated code: Your site code needs an upgrade, your site may have been built some time ago and coding techniques and standards have progressed, so new modules or functionality are not currently compatible.

  • Fragmented: Your site has been built function-by-function and so there is little overall cohesion and structure to the code causing potential instability or incompatibility with other modules or functions.

  • Security vulnerability: Your site has a security vulnerability and you need to review the code to identify any issues and establish an effective mitigation resolution/strategy.

Benefits of a code review

Benefits of a code review include:

  • Clean and best practice code, which leads to better site performance across a variety of areas.

  • Documented code to allow developers to understand the site design, architecture, and available functionality to allow and plan enhancements.

  • Performance following best practice coding and functional structures to create a faster more efficient site for users

  • Maintenance is manageable with a known codebase to ensure security vulnerabilities are patched and improved overall health of the system.

  • Compliance standards are being met such as WCAG compliance, DTA design systems and digital service standards (DSS).

  • Security risk profile is known and mitigation strategies in place where required for cyber safety.

Engagement process

Our engagement process is outlined below:

  1. Review questionnaire or brief: Agency to complete a light questionnaire (or send Salsa a high level project brief) reflecting basic requirements and/or project key business drivers.

  2. Intake and alignment: Salsa conducts a free 30-45 minute intake phone call to align on scope, expectations and overall engagement requirements based on the questionnaire or brief.

  3. Project setup

  4. Environment setup and assessment tooling

  5. Conduct code/module review

  6. Produce code/module checklist report covering issues, criticality and recommendations

  7. Produce optional cost estimates for remediation

  8. Report handover and optional stakeholder presentation


As part of the code review, you’ll receive:

  1. Checklist report including criticality indicator for critical, high priority, medium priority and low priority findings

  2. Issue identification and/or potential areas of attention

  3. Recommendations and/or suggested remediations

  4. High level costings on implementing suggested recommendations/remediations (optional)


The code review delivers:

  • Performance improvements with an efficient code base using clean and best practice coding standards to create a faster, more efficient site for users.

  • Roadmap for enhancements and continuous improvement with well-documented code for developers to plan enhancements with a good understanding of the site design, architecture, and current functionality.

  • Well-maintained and healthy system, robust from security vulnerabilities being regularly patched for version and security updates.

  • Compliant, meeting or exceeding required compliance standards including WCAG AA, DTA design systems, and digital service standards (DSS).

  • Improved security with a known risk profile that addresses and contains mitigation strategies against potential cyber attacks.

Fixed price packages






Up to 500 lines of code per module

Up to 2,000 lines of code per module

Up to 5,000 lines of code per module

One-off setup

6 hours @ $195 +GST

$1,170 +GST

Code review

Up to 500 lines of code:

4 hours

@ $195 +GST

$780 +GST

per scripted module

Up to 2,000 lines of code:

16 hours

@ $195 +GST

$3,120 +GST

per scripted module

Up to 5,000 lines of code:

40 hours

@ $195 +GST

$7,800 +GST

per scripted module

Total hours




Total cost

$1,950 + GST

$4,290 + GST

$8,970 + GST

What you get

Our code review packages provide you with a report that identifies all the code issues and gives you recommendations and costings to fix them.

You’ll also have access to:

  • The digital agency that’s the official service provider of the entire GovCMS platform and program

  • A highly qualified and experienced digital agency that has delivered over 30 GovCMS projects since 2015

  • GovCMS product and project delivery specialists with extensive experience in code review, covering both frontend and backend development

  • GovCMS technical solution architect to provide a high level of technical governance and oversight to your project


Our team goes through your code focusing on:

  • How well-organised and structured is the code?

  • Are Drupal coding standards being followed?

  • Is the Drupal API being used according to best practices (i.e. avoiding querying directly to the database)?

  • The use of Javascript and CSS libraries, well-formed markup (W3C validator) and accessibility (WCAG 2.0 AA).

  • Is the right use of PHP logic adopted in template files?

  • Reviewing audit log files (Drupal watchdog, Apache and PHP logs) for compromised code that leaves warnings and notices.


The assessment includes:

  1. Coding standard compliance check

  2. Code security check for vulnerabilities

  3. Coding patterns

  4. Code performance analysis

  5. Business logic validation check

  6. Cross-browser checks for client-side business logic

  7. Module/code testing in test environment

Related news

Salsa Digital Drupal Development Best Practices Guide

Our Drupal Development Best Practices Guide is a technical white paper that provides detailed insights into creating and developing enterprise-grade Drupal projects.


Best practice for custom requirements

Often when looking at open source options like Drupal, GovCMS or CKAN, the core modules don’t meet all your requirements. So what’s the best practice for implementing your required functionality?


Developer experience

Developer experience and codebase control are essential elements for any digital project. Salsa projects are built on standardised and proven development processes and tools. This delivers rapid deployments, greater predictability, reduced risk of regression errors and overall developer confidence and happiness.


Web applications security #1

This three-part blog series reviews and discusses the security of web applications. This first blog examines a secure process.


Web applications security # 2 — Five steps to maintain passive security

This three-part blog series reviews and discusses the security of web applications. This blog looks at how to protect your web application from a variety of web-based attacks through passive security.


Security at every level

Our three-part blog series reviews and discusses the security of web applications. This third and final blog in the series looks at how to protect your web application from a variety of web-based attacks through active security.


Drupal Installation Profile and Distributions

Drupal developer? Make your life easier and use Drupal Distributions!


How to improve website accessibility

Site accessibility is an important feature of any website, to make sure everyone can access your site. Below are some important accessibility issues to think about and some tips. The W3C’s Web Content Accessibility Guidelines (WCAG) provide an excellent standard, as does the DTA’s Digital Service Standard.


Other GovCMS services

Salsa’s other fixed price GovCMS services include:

Website assessments and advisory services

Make an informed decision on whether GovCMS is right for you.

Website rehosting and installation

Migrate your Drupal site onto a resilient, secure, monitored and fully managed public cloud platform backed by a 99.95% uptime SLA.

GovCMS theme development and enhancement services

Theme your GovCMS Drupal site to represent your agency’s brand and visual look and feel

Content migration and consolidation

Migrate your proprietary and/or legacy site onto Drupal GovCMS backed by a resilient, secure, monitored and fully managed public cloud platform with a 99.95% uptime SLA.

Site audits and technical reviews

Site audits and technical reviews help you identify any problems in your site, including security and performance issues.

Theme review

Make sure your site is accessible by all users and optimised to be viewed on different devices and internet browsers.

Ongoing GovCMS application support

Whether you’re on GovCMS SaaS or PaaS, ongoing GovCMS application support ensures the application layer for your website continues to remain secure and up-to-date (PaaS only), while also allowing you to build new enhancements and ad-hoc features.

User testing

Salsa provides user testing packages across visitor experience, content author experience, and user acceptance testing (UAT).

GovCMS out-of-the-box

Build and host a new site quickly on a resilient, secure, monitored and fully managed public cloud platform backed by a 99.95% uptime SLA, leveraging GovCMS’s ‘out-of-the-box’ features.

Back to all fixed price GovCMS services

Get in touch

Use the form below or call us on 1300 727 952 for an obligation-free chat about your agency’s GovCMS needs.

Contact us

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now