The all-new Review Bot 3 brings enhancements to every area of the product. New Docker images to ease installation, new code review tools to spot problems in more languages, a new Secret Scanner that looks for leaked credentials or API tokens, and a new worker experience. Plus many, many bug fixes.
Review Bot is now easier to install than ever, thanks to our new official Docker images.
You can create your own Review Bot worker image with the specific tools you need by using beanbag/reviewbot-base, or you can use one or more of the following pre-built images for reviewing:
- reviewbot-c: C/C++ and Objective-C/C++
- reviewbot-go: Go
- reviewbot-java: Java
- reviewbot-python: Python
- reviewbot-ruby: Ruby
- reviewbot-rust: Rust
- reviewbot-shell: Shell Scripts
- reviewbot-fbinfer: Multiple languages through FBInfer
- reviewbot-pmd: Multiple languages through PMD
Our Review Board Docker image has been updated to include the extension for Review Bot 3.
See our documentation on using or customizing the Review Bot docker images.
Review Bot can now check all published diffs for any accidental passwords, API tokens, or other credentials included in the code. This is a red flag to the author of the change to quickly reset those credentials
This is built into the Review Bot worker. No special tools are required. See the Secret Scanner documentation for information on what kinds of credentials Review Bot looks for, and let us know if you have any you’d like us to add.
Improved Code Review Tools
Review Bot 3 includes new tools for reviewing Go, Rust, Ruby, and Bash/Dash/KSH/SH shell script code. It also now includes support for Facebook’s FBInfer tool.
For more information, see our documentation on:
Most existing tools have also been improved, with better reporting capabilities, new configuration options, and better compatibility.
A New Worker Experience
We’ve completely reworked the Review Bot worker, adding new configuration options, a more useful startup and diagnostics screen, and a streamlined command line.
Configuration improvements include:
- Authentication cookie paths, tool executable paths, and Java classpaths are all customizable.
- The location of the Review Bot configuration can now be set on each worker.
- The list of full-access repositories or Review Board servers can now be managed in JSON files you control.
During startup, if anything is missing or any full-access repositories are misconfigured, Review Bot will now let you know.
All changes are backwards-compatible.
Lots of Bug Fixes
Compatibility issues with tools and corner cases with applying patches have all been fixed.
We’ve addressed many headaches with getting things configured, providing better guidance when things go wrong.
Race conditions between workers on full-access repositories are no more.
Performance has also been improved throughout the product.
Ready To Upgrade?
Upgrading is easy, and we have an upgrade guide to get you going.
If you’re new to Review Bot, the new Docker images make it easier than ever to get started.
See the Review Bot documentation for installation and usage instructions, and for the complete list of supported tools.
If you want to know what else is in 3.0, check out the release notes.