Code Review Workflows | SLAs & Reviewer Assignment
Establish efficient code review with auto-assignment, SLAs, and checklists. GitScrum integrates with GitHub, GitLab, Bitbucket for PR tracking.
13 min read
Code reviews are critical for maintaining quality, sharing knowledge, and catching bugs before production. But poorly designed review processes can become bottlenecks that frustrate developers and slow delivery. GitScrum's integrations and workflow features help establish review practices that are thorough yet efficient, ensuring quality without sacrificing velocity.
The Code Review Challenge
Common review problems:
| Problem | Impact |
|---|---|
| Reviews take too long | PRs pile up, context lost |
| Inconsistent standards | Quality varies by reviewer |
| Unclear expectations | Nitpicking vs. important feedback |
| Reviewer bottlenecks | One person blocks all PRs |
| No accountability | Reviews ignored or delayed |
GitScrum Integration Setup
Connecting Git Providers
Git Provider Integration:
SUPPORTED PLATFORMS:
βββ GitHub (Cloud & Enterprise)
βββ GitLab (Cloud & Self-hosted)
βββ Bitbucket (Cloud & Server)
CONNECTION STEPS:
1. Settings β Integrations β Git Providers
2. Select provider
3. Authorize OAuth connection
4. Choose repositories to connect
5. Configure sync settings
SYNC OPTIONS:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Git Integration Settings β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Repository: acme/frontend β
β β
β Sync Settings: β
β β Link branches to tasks (pattern: TASK-###) β
β β Link PRs to tasks β
β β Update task status on PR events β
β β Show PR status in task details β
β β Import PR comments as task comments β
β β
β Status Mapping: β
β PR Opened β Move task to: [In Review βΌ] β
β PR Approved β Move task to: [Approved βΌ] β
β PR Merged β Move task to: [Done βΌ] β
β PR Closed β Move task to: [No change βΌ] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Automatic Task Linking
Branch Naming Convention:
PATTERN: [type]/TASK-[id]-[description]
Examples:
βββ feature/TASK-456-user-search
βββ fix/TASK-789-login-bug
βββ refactor/TASK-101-cleanup-auth
βββ chore/TASK-202-update-deps
Auto-Detection Flow:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. Developer creates branch: β
β git checkout -b feature/TASK-456-user-search β
β β
β 2. GitScrum detects pattern "TASK-456" β
β β
β 3. Task TASK-456 auto-updated: β
β βββ Status: β In Progress β
β βββ Branch: feature/TASK-456-user-search β
β βββ Activity: "Branch created by @alice" β
β β
β 4. When PR opened: β
β βββ PR linked to task β
β βββ Status: β In Review β
β βββ Activity: "PR #123 opened" β
β β
β 5. When PR merged: β
β βββ Status: β Done β
β βββ Activity: "PR #123 merged to main" β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Reviewer Assignment
Automated Assignment Rules
Reviewer Assignment Configuration:
ASSIGNMENT STRATEGIES:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Reviewer Assignment Rules β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β Strategy: [Round Robin βΌ] β
β β
β Options: β
β βββ Round Robin: Rotate through team members β
β βββ Load Balanced: Assign to person with fewest reviews β
β βββ Code Ownership: Based on file paths changed β
β βββ Random: Random selection from pool β
β βββ Manual: Author selects, with suggestions β
β β
β Reviewer Pool: [Frontend Team βΌ] β
β βββ @alice (senior) β
β βββ @bob (senior) β
β βββ @carol (mid) β
β βββ @david (mid) β
β β
β Required Reviewers: [2] β
β β
β Rules: β
β β At least 1 senior reviewer β
β β Cannot review own PRs β
β β Exclude on PTO (sync from calendar) β
β β‘ Require specific reviewer for [security/*] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Code Ownership Mapping
CODEOWNERS-style Assignment:
File Path Rules:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Code Ownership Configuration β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β Path Pattern Owners Required β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β /src/api/* @api-team 1 β
β /src/components/ui/* @ui-team 1 β
β /src/auth/* @security-team 2 β
β /src/payments/* @payments-lead 1 + @security β
β /database/* @dba-team 1 β
β *.sql @dba-team 1 β
β /tests/* @qa-lead Optional β
β /docs/* @tech-writer Optional β
β * @default-reviewers 1 β
β β
β Priority: First match wins (top to bottom) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Example PR:
Files changed:
βββ src/auth/login.ts
βββ src/auth/session.ts
βββ src/components/LoginForm.tsx
Auto-assigned:
βββ @security-team (2 required - auth files)
βββ @ui-team (1 required - component file)
Review Load Balancing
Load-Balanced Assignment:
CURRENT REVIEW LOAD:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β REVIEWER WORKLOAD [This Week] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β Active Reviews: β
β Alice: [ββββββββ] 2 PRs (capacity: 4) β Next assign β
β Bob: [ββββββββ] 4 PRs (capacity: 4) Full β
β Carol: [ββββββββ] 3 PRs (capacity: 4) β
β David: [ββββββββ] 2 PRs (capacity: 4) β Next assign β
β β
β Review Stats This Week: β
β βββ Alice: 8 completed, avg 4h response β
β βββ Bob: 6 completed, avg 6h response β
β βββ Carol: 7 completed, avg 3h response β
β βββ David: 5 completed, avg 8h response β
β β
β Assignment Logic: β
β 1. Filter: Not at capacity β
β 2. Filter: Not on PTO β
β 3. Filter: Not PR author β
β 4. Sort by: Current active reviews (ascending) β
β 5. Assign to: First in list β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Review SLAs and Tracking
Time-Based Expectations
Review SLA Configuration:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Code Review SLAs β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β First Response SLA: β
β βββ P0/Critical: 2 hours β
β βββ P1/High: 4 hours β
β βββ P2/Normal: 8 hours (1 business day) β
β βββ P3/Low: 24 hours β
β β
β Review Completion SLA: β
β βββ Small PR (<100 lines): 4 hours after first response β
β βββ Medium PR (100-500 lines): 8 hours β
β βββ Large PR (>500 lines): 24 hours β
β β
β Escalation Rules: β
β βββ 50% of SLA: Reminder to reviewer β
β βββ 100% of SLA: Notify team lead β
β βββ 150% of SLA: Escalate to eng manager β
β βββ 200% of SLA: Allow merge without full review β
β β
β Working Hours: Mon-Fri 9AM-6PM (team timezone) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Review Status Dashboard
Review Pipeline Dashboard:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CODE REVIEW PIPELINE [Last 7 Days βΌ] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β Current Status: β
β βββ Awaiting Review: 8 PRs β
β βββ In Review: 5 PRs β
β βββ Changes Requested: 3 PRs β
β βββ Approved (pending merge): 2 PRs β
β β
β SLA Performance: β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β First Response ββ
β β On Time: ββββββββββββββββββββ 85% ββ
β β Late: ββββ 15% ββ
β β ββ
β β Review Completion ββ
β β On Time: ββββββββββββββββββ 78% ββ
β β Late: ββββββ 22% ββ
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
β Aging PRs (SLA Risk): β
β βββ π΄ PR #456: 6h overdue (assigned: @bob) β
β βββ π‘ PR #461: 2h remaining (assigned: @carol) β
β βββ π‘ PR #463: 3h remaining (assigned: @alice) β
β β
β Weekly Metrics: β
β βββ PRs reviewed: 47 β
β βββ Avg time to first response: 3.2h β
β βββ Avg time to approval: 8.4h β
β βββ Review cycles per PR: 1.4 β
β βββ Approval rate: 94% β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Review Checklists
Standardized Review Criteria
Code Review Checklist Template:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PR REVIEW CHECKLIST β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β FUNCTIONALITY β
β β‘ Code does what the task description says β
β β‘ Edge cases are handled β
β β‘ Error handling is appropriate β
β β‘ No obvious bugs β
β β
β CODE QUALITY β
β β‘ Code is readable and self-documenting β
β β‘ Functions/methods are appropriately sized β
β β‘ No code duplication β
β β‘ Follows project conventions and patterns β
β β
β TESTING β
β β‘ Unit tests cover new functionality β
β β‘ Tests are meaningful (not just for coverage) β
β β‘ Edge cases are tested β
β β‘ Tests pass locally and in CI β
β β
β SECURITY β
β β‘ No sensitive data exposed β
β β‘ Input validation in place β
β β‘ Authentication/authorization correct β
β β‘ No SQL injection or XSS vulnerabilities β
β β
β PERFORMANCE β
β β‘ No obvious performance issues β
β β‘ Database queries are efficient (no N+1) β
β β‘ Appropriate caching considered β
β β
β DOCUMENTATION β
β β‘ Complex logic has comments β
β β‘ API changes are documented β
β β‘ README updated if needed β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Checklist Enforcement:
βββ All items must be checked before approval
βββ Unchecked items require comment explaining why N/A
βββ Automated check blocks merge if checklist incomplete
Context-Specific Checklists
Conditional Checklists:
TRIGGER: PR touches /src/api/*
CHECKLIST: API Review
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β‘ API versioning considered β
β β‘ Request/response schemas validated β
β β‘ Rate limiting in place β
β β‘ Error responses follow standards β
β β‘ OpenAPI spec updated β
β β‘ Integration tests added β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
TRIGGER: PR touches /database/* or *.sql
CHECKLIST: Database Review
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β‘ Migration is reversible β
β β‘ Indexes added for new queries β
β β‘ No breaking changes to existing columns β
β β‘ Performance impact assessed β
β β‘ Backup/rollback plan documented β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
TRIGGER: PR label = "security"
CHECKLIST: Security Review
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β‘ Security team has reviewed β
β β‘ Penetration testing if applicable β
β β‘ Secrets rotated if exposed β
β β‘ Audit logging in place β
β β‘ Compliance requirements met β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Feedback Quality
Comment Categories
Structured Feedback Types:
COMMENT PREFIXES:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Prefix Meaning Blocking? β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β [BLOCKER] Must fix before merge Yes β
β [ISSUE] Should fix, important Yes (usually) β
β [SUGGEST] Consider changing No β
β [NIT] Minor/style preference No β
β [QUESTION] Need clarification Depends on answer β
β [PRAISE] Good job, nice code No β
β [FYI] Information sharing No β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Examples:
[BLOCKER] This SQL query is vulnerable to injection.
Please use parameterized queries.
[ISSUE] This function is 200 lines. Consider breaking
into smaller functions for testability.
[SUGGEST] You could simplify this with a reduce():
const total = items.reduce((sum, i) => sum + i.value, 0);
[NIT] I'd prefer `isActive` over `active` for boolean naming.
[PRAISE] Really clean implementation of the cache layer!
[QUESTION] What happens if the user is null here?
Feedback Tracking
Review Comment Analytics:
COMMENT RESOLUTION:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β PR #456: Add user search β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Comments: 12 total β
β β
β By Type: β
β βββ BLOCKER: 1 β Resolved β β
β βββ ISSUE: 3 β 2 Resolved, 1 Pending β
β βββ SUGGEST: 4 β 2 Accepted, 1 Declined, 1 Pending β
β βββ NIT: 2 β Both Resolved β
β βββ PRAISE: 2 β N/A β
β β
β Resolution Rate: 83% β
β Pending Actions: 2 β
β β
β Can Merge: No (1 blocker pending) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Team Review Patterns:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β REVIEW PATTERNS [Last 30 Days] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β Comments per PR (avg): β
β βββ Alice: 8.2 (40% ISSUE, 30% SUGGEST, 20% NIT) β
β βββ Bob: 4.1 (60% ISSUE, 20% BLOCKER, 20% PRAISE) β
β βββ Carol: 6.5 (50% SUGGEST, 30% QUESTION, 20% NIT) β
β βββ David: 3.2 (70% ISSUE, 20% SUGGEST, 10% PRAISE) β
β β
β Most Common Issues Found: β
β βββ Missing error handling (23%) β
β βββ Insufficient tests (19%) β
β βββ Code duplication (15%) β
β βββ Performance concerns (12%) β
β βββ Documentation gaps (11%) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Approval Workflows
Multi-Stage Approvals
Approval Requirements:
STANDARD PR:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Requirements for Merge: β
β βββ 1+ approval from team β
β βββ All blockers resolved β
β βββ CI checks passing β
β βββ No unresolved threads β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
SENSITIVE AREAS:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Path: /src/auth/*, /src/payments/* β
β Requirements: β
β βββ 2+ approvals β
β βββ 1 must be from security team β
β βββ All checklists complete β
β βββ Extended CI (security scans) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
INFRASTRUCTURE:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Path: /infrastructure/*, *.terraform β
β Requirements: β
β βββ DevOps team approval β
β βββ Cost estimate reviewed β
β βββ Rollback plan documented β
β βββ Change window scheduled β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Protected Branch Rules
Branch Protection Integration:
main/master:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Protection Rules: β
β βββ β Require pull request before merging β
β β βββ Required approvals: 2 β
β β βββ Dismiss stale approvals on new commits: Yes β
β β βββ Require review from code owners: Yes β
β βββ β Require status checks to pass β
β β βββ CI: Build β
β β βββ CI: Unit Tests β
β β βββ CI: Integration Tests β
β β βββ CI: Security Scan β
β βββ β Require conversation resolution β
β βββ β Require signed commits β
β βββ β Include administrators β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
develop:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Protection Rules: β
β βββ β Require pull request before merging β
β β βββ Required approvals: 1 β
β βββ β Require status checks to pass β
β βββ CI: Build, Unit Tests β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ