Code Review Questionnaire

The following is a transcription of the VA Network Security Operations Center (NSOC) Code Review Questionnaire, received Nov 2013.

Application Name:



List all developers


List all developers who contributed to the mobile application's (App) code base. The VA's Fortify license agreement is based on the developers who contributed to the application being scanned.

First Name
Last Name
Email Address

Projected Start Date for code review:

Desired End Date for code review:

Milestones dependent on the code review:

Previous code reviews


Below, enter details about previous code scans. How did you fix identified problems? List any security control libraries, frameworks and application programming interfaces (APIs) used to make the repairs.

Describe previous code review scans, if any:


List the application's primary code languages:

Build tools


Below, list the build tools and their versions (for example, Ant 1.9.2).

List the App's build tools:

Number of code lines


Below, enter the approximate number of code lines to help us estimate the review effort. In the following line, enter the number of files in the code package.

Enter the App's approximate number of lines of code: ______________

Enter the number of files in the App: ___________________

Planned Development Life cycle


To help us prepare for future code reviews of this product, describe its expected life cycle. If it is a new product, will it need more code reviews during pending development cycles? Will there be multiple releases of this App?

Describe whether this is a new App or a legacy App, and the application's expected life cycle: