- Build and run the code to make sure everything is working well
- Set some internal coding rules (we can use the Google or Linux kernel coding rules as a reference).
- For the form: linter (coding style)
- Should we initialize at the beginning of the function or in the body of the function?
- Do we systematically check the API return type? How is the API return type computed?
Verify that coding rules and good practices (Jean-Philippe Aumasson's secure coding practices, for example) are respected.
kcov/Sonar – ASan – Checkmarx: we should run code coverage tools first to make sure we have a huge/acceptable coverage percentage before using analysis tools. If not, we are just analysing a part of the code.
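
The coverage-first check described above, as an added example that is not part of the original notes: it reads a Cobertura-style XML coverage report (a format kcov can emit) and lists the files whose line coverage is too low for analysis results to be representative. The sample report, the thresholds and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Cobertura XML layout (not from a real project).
SAMPLE_REPORT = """<coverage>
  <packages><package name="src"><classes>
    <class filename="src/parser.c"><lines>
      <line number="10" hits="4"/><line number="11" hits="4"/>
      <line number="12" hits="0"/><line number="13" hits="1"/>
    </lines></class>
    <class filename="src/crypto.c"><lines>
      <line number="5" hits="0"/><line number="6" hits="0"/>
      <line number="7" hits="2"/><line number="8" hits="0"/>
    </lines></class>
  </classes></package></packages>
</coverage>"""

def per_file_coverage(report_xml):
    """Return {filename: (covered_lines, total_lines)} from line hit counts."""
    stats = {}
    for cls in ET.fromstring(report_xml).iter("class"):
        name = cls.get("filename")
        covered, total = stats.get(name, (0, 0))
        # Class-level lines only, so lines repeated under <methods> are not counted twice.
        for line in cls.findall("lines/line"):
            total += 1
            covered += 1 if int(line.get("hits", "0")) > 0 else 0
        stats[name] = (covered, total)
    return stats

def coverage_gate(report_xml, min_total=80.0, min_file=60.0):
    """Decide whether analysis would see enough of the code (thresholds are assumptions)."""
    stats = per_file_coverage(report_xml)
    covered = sum(c for c, _ in stats.values())
    total = sum(t for _, t in stats.values())
    overall = 100.0 * covered / total if total else 0.0
    blind_spots = sorted(
        name for name, (c, t) in stats.items()
        if t == 0 or 100.0 * c / t < min_file
    )
    return {"overall": overall, "blind_spots": blind_spots,
            "proceed": overall >= min_total and not blind_spots}

if __name__ == "__main__":
    result = coverage_gate(SAMPLE_REPORT)
    print(f"overall line coverage: {result['overall']:.1f}%")
    for name in result["blind_spots"]:
        print(f"under-tested, run-time findings will miss it: {name}")
    print("run analysis tools" if result["proceed"] else "add tests first")
```

The per-file list matters most for run-time tools such as ASan, which only report on code paths the tests actually execute.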