
Looking for product Feedback

Pravin Uttarwar Serial Entrepreneur and CTO

July 28th, 2019

Hi Fellow Founders,


We have recently launched an automated code review platform for tech and non-tech founders. Being in this industry and working with startups, we found that there are a lot of challenges founders face, not only in the early stages but also after the product is released, like quality issues in source code, changing the dev team being challenging because the code is written very badly, scalability and security issues, and many more.


In our product Codegrip we tried to make everything automated, meaning as soon as a developer writes the code and commits on GitHub, Bitbucket or GitLab, we scan it and provide a report to founders or managers, who can take action right away instead of when a new team tells them about code quality issues. We also have Slack integration, so there is no need to go to the website and check daily. Please give it a try and provide me more feedback so we can keep improving the platform; in return we will extend the trial by a month. Let me know in case any help is needed, thanks in advance.

Jesse Tayler App Store Inventor, Startup Entrepreneur

July 31st, 2019

If this is a new service? I'd consider just dropping your paid plans until folks are comfortable with the brand, and the level of achievement for these features.

You're making a lot of claims that are hard to imagine being done well, like automated code smell? To the reader? This sounds like a contradiction of terms since code smell is by definition something a human does by cursory analysis of order and disorder.

Now, the idea of a reporting system that is higher level than watching git commit-logs and diff history sounds great but the claims without clear evidence or explanation make the service look to be suspect rather than innovative.

If it does work, your mission should be to get me to even try it and if I think I'm going to have to pay for it? That's a barrier to adoption for a new service, as described.

Hope that helps! Keep us posted about your progress, it's an interesting service idea that certainly could be broadly useful.

Paul Garcia marketing exec & business coach

July 29th, 2019

I'm having trouble determining several things about your service that would make me hesitate to try it.

1) how is my privacy and intellectual property protected?

2) what makes the automated scan better than my own code reviewers?

3) how do I know that your algorithms are suggesting things that are actually wrong or need to be fixed?

4) why is your service necessary?

5) what makes your model of coding better than our own developers' model of coding?

6) how can you possibly estimate the time to "fix" bugs if you don't know the capabilities of the people addressing those bugs?

7) are you able to test snippets of code or does the entire program need to be compiled?

8) what programming languages can you analyze?

9) what assures me that your coding suggestions are superior or more expert?

10) how is your baseline established or how is the severity of your discoveries ranked?

11) who are you and why should you be considered experts?

12) what is the typical performance improvement after running your service over a single application's code?

13) why is this a service appropriate for my situation?


There are key trust issues, an explanation of benefits, and a far more technical description of features that you have not addressed in marketing your service.


I can't give you a product review, but I can give you a marketing review. The above list is just some immediate barriers to me trying your service. I have thought of three or four objections per minute looking at your web site, and you should be able to tell how many minutes people are spending with your single-page web site to get a sense of how easy it is to resist your service offering as currently presented.




Pravin Uttarwar Serial Entrepreneur and CTO

Last updated on July 29th, 2019

Thanks for the feedback Paul, all valid questions and most of the time we get those from new users, so soon we are updating our knowledge base with detailed explanations. For now, let me answer your queries here -
1) how is my privacy and intellectual property protected?

  • This is commonly asked by everyone, which is why on our login page itself we have added the detailed security practices we follow. Putting those here as well -
  • Data Security - We go beyond traditional encryption techniques to secure important data, using FIPS 140-2 validated hardware security modules to protect encryption keys, along with a strong audit mechanism.
  • Transmission Security - We take data privacy very seriously. This is why all communication between your web browser and Codegrip is encrypted using an industry-standard SSL certificate issued by Amazon. You can always personally verify this by clicking on the lock symbol in your browser.
  • Infrastructure Security - We use our own Virtual Private Cloud (AWS VPC). Access to the infrastructure is restricted through firewalls, allowing access from internal networks only. Secure protocols are required for access, and private keys are used for authentication.

2) What makes the automated scan better than my own code reviewers?

  • Time - Automated code reviews can save tons of developers' time spent reviewing code; if not 100%, they can easily replace 90% of the manual review effort. As per
  • Finding Unknowns - Manual code review might miss many things like duplication, security issues and coverage %, so automated code review can be useful for finding such important issues inside the code.
  • Improved Accuracy and Scalability - Human errors can occur in manual reviews; sometimes developers are even too lazy to do the review and just blindly accept the PR. Someone has rightly said, 10 lines of code = 10 issues. 500 lines of code = "looks fine."
  • Tracking - Manual code reviews are hard to track. What if a lead wants a report on each developer's code quality for the last month? Automated code reviews can track a commit-wise report and provide it to the stakeholders.

3) how do I know that your algorithms are suggesting things that are actually wrong or need to be fixed?

  • Each issue, along with its details, also provides suggestions. In that suggestion we provide details like a compliant solution, a non-compliant approach and, more importantly, links to external pages from SEI, CWE, etc. where best practices are mentioned. One quick example for a basic issue I am pasting here:

A dead store happens when a local variable is assigned a value that is not read by any subsequent instruction. Calculating or retrieving a value only to then overwrite it or throw it away, could indicate a serious error in the code. Even if it's not an error, it is at best a waste of resources. Therefore all calculated values should be used.

Noncompliant Code Example

i = a + b; // Noncompliant; calculation result not used before value is overwritten

i = compute();

Compliant Solution

i = a + b;

i += compute();

Exceptions

This rule ignores initializations to -1, 0, 1, null, undefined, true, false, "", [] and {}. This rule also ignores variables declared with object destructuring using rest syntax (used to exclude some properties from object):

let {a, b, ...rest} = obj; // 'a' and 'b' are ok

doSomething(rest);


let [x1, x2, x3] = arr; // but 'x1' is noncompliant, as omitting syntax can be used: "let [, x2, x3] = arr;"

doSomething(x2, x3);

See

4) why is your service necessary?

  • As I mentioned in answer to Q 2.

5) what makes your model of coding better than our own developers' model of coding?

  • Every developer has their own style of coding. That being said, there are industry-standard practices provided by CWE, SEI, etc.; if we follow those, then code can be much better, more secure and more readable. So regardless of individual approaches to writing the solution, best practices should be followed.

6) how can you possibly estimate the time to "fix" bugs if you don't know the capabilities of the people addressing those bugs?

  • Issue resolution time/technical debt for each issue is set at the rule level. These estimates were made by seasoned professionals. In future we might give the ability to adjust those times as well, but as of now it's low priority for us.

7) are you able to test snippets of code or does the entire program need to be compiled?

  • We scan each and every file which has code, e.g. if it's a Java project then we scan all Java files. We make sure not a single line is missed from issues.

8) what programming languages can you analyze?

  • We support 15+ languages including Python, Java, C, C++, TypeScript, JavaScript, HTML, CSS, Go, Ruby and so on.

9) what assures me that your coding suggestions are superior or more expert?

  • You can refer to the answer to Q#3. As we are following best practices from different global institutes, our suggestions are definitely superior to any manual reviewer.

10) how is your baseline established or how is the severity of your discoveries ranked?

  • Severity is again calculated based on rules. Each rule has a severity defined; again, this is not defined by us, it's defined by industry professionals. We are adding customizations for users where they can enable/disable the rules and define the severity as well. This is the most asked-for feature so far from enterprises, so it will be released in the coming quarter.

11) who are you and why should you be considered experts?

  • The founders are serial entrepreneurs in the software industry with more than 20 years of experience. We were working on IT services and the code review process was broken internally, which was affecting quality, so we came up with our own internal automated code review platform. After using it for a while, the whole product was revamped and made available to the public with more features and security. It took more than 15 months to complete the product and make it live. Also, we do have advisors who worked on SaaS platforms earlier and also got great exits in their own startups, so the overall team is comprised of great minds.

12) what is the typical performance improvement after running your service over a single application's code?

  • Based on feedback so far, we got great positive responses, and many customers told us that apart from saving a lot of time (which in short is saving money) they were also able to easily find many aspects like duplication, code coverage, etc. which were hard to find in their earlier process. Another important aspect they told us is that now it's easier for them to measure individual project or dev quality in the dashboard.

13) why is this a service appropriate for my situation?

  • As you are a marketer (non-tech), and assuming you are working on some product with some team members, how will you make sure that your developers' code quality is up to the mark and following industry standards? How will you make sure that if the product scales and you bring in a new in-house team, they will be able to understand the code? There are a lot of challenges for non-tech founders; with this tool they can easily solve many of them and focus on product marketing rather than worrying about technical challenges.

Hope my answers clear the air for you to market :P. Happy to answer further questions as well.

Pravin Uttarwar Serial Entrepreneur and CTO

July 31st, 2019

Thanks for the feedback Jason. Whatever I claimed, it works, and you can even check by signing up for the service. Now, coming back to price, we do have a free plan for startups of up to two users to try the platform and see the features in action; after that they can upgrade for more users and features. We are adding a few more features which are more exciting as well, and will keep this thread updated once released. Looking forward to you trying it out. We are also looking for channel partners to help us spread the word, let us know if someone is interested as well 😊

Александр Пашкин Cofounder & CEO of global leasing and factoring platform.

August 23rd, 2019

Hello! Why can’t I find your application on iOS in Russia? It used to be. Are you still working in the Russian Federation or not?

Pravin Uttarwar Serial Entrepreneur and CTO

August 24th, 2019

Hi Alex, it's not an iOS app, it's a web-based SaaS product, please check codegrip.tech