Code audit for Norwegian Refugee Council (NRC)

SolDevelo conducted a code audit for the Norwegian Refugee Council (NRC), enhancing the quality of a Digital ICLA Platform (KOBLI) – an application designed to help the NRC manage its operations, and effectively provide refugees with information they need.

The client


The Norwegian Refugee Council (NRC) is a humanitarian, non-governmental organization based in Norway that provides assistance, protection, and durable solutions to refugees and internally displaced people worldwide. Operating in conflict zones and areas affected by disasters, the organization advocates for the rights of displaced individuals, aiming to ensure their safety and dignity. The NRC is known for its rapid response in emergencies and its long-term commitment to supporting displaced communities in rebuilding their lives.

KOBLI

Supporting the digital operations of NRC’s Information, Counseling, and Legal Assistance (ICLA) teams, KOBLI is a platform designed to enhance operational efficiency and empower refugees by providing streamlined access to critical legal and informational resources. This tool ensures that displaced individuals can easily find the assistance they need, fostering greater accessibility and independence.

Its main functionalities include:

  • Managing the organization and its branches,
  • Creating websites with information for the end users (refugees),
  • Preparing templates/themes for these websites,
  • Managing refugees-related processes and data (documents, benefits, etc.).

Key benefits of the platform include its ability to enhance the safety, dignity, and efficiency of legal aid services. It allows refugees to navigate legal issues independently, access accurate information, and even engage directly with legal aid workers when needed. However, the platform also requires careful management to address risks around data protection and misinformation, and to ensure inclusivity across diverse user groups.

The challenge

The KOBLI application was initially developed by an outsourcing company. However, NRC was not satisfied with the results, the main reason being an alarming number of errors found in the app, evident from the first use.

To tackle the problem, NRC contacted SolDevelo. We were tasked with conducting an audit of the KOBLI application, aiming to identify all issues and evaluate the technical quality of the platform. The audit consisted of two parts:

  • Code audit,
  • Functionality audit.

We were also to provide Quality Assurance services after the client had implemented changes based on our initial code audit. This included writing test cases, identifying new bugs, and thoroughly verifying the code quality of the updated app version to ensure its reliability and functionality.

The solution

We prepared a comprehensive plan of our work based on the quality requirements and industry best practices. Since the initial code analysis had already been completed by one of the client’s teams, we moved on to verifying whether the bugs discovered had been fixed.

Our code audit covered the following areas:

  • Static code analysis using tools like SonarQube, IntelliJ WebStorm, and linters,
  • Code quality and best practices – Angular-specific aspects, CSS quality, HTML quality,  
  • Codebase maintenance – Repository configuration, versioning, file structure,
  • Cloud – Proper use of cloud services,
  • API RESTfulness – Checking whether the API adheres to REST principles,
  • MongoDB – Best practices (e.g., use of indexes),
  • Automated tests (unit tests, integration tests, functional tests, etc.),
  • Documentation – JSDoc and internal repository documentation.  

Results and conclusions

Once the report was completed, we evaluated the overall quality of the code, placing it on a scale from 0% to 100%, where 100% meant a perfect code implementation, and 50% meant that the team needs to stop all new functionality development and focus solely on fixing the critical bugs.

KOBLI scored 70%, indicating that while the team can still continue the development of new features, part of its time needs to be dedicated to paying off the technical debt.

After the initial audit, we’ve continued to provide QA support, writing new test cases and searching for new bugs. We’ve also conducted a follow-up audit, with the aim of verifying whether issues pointed out in the first audit have been resolved.

We’ve split the gathered concerns into a couple of categories:

  • Kubernetes/Deployment,
  • Dockerization,
  • UI/Angular,
  • Workspace,
  • Static code analysis.

Although most of the issues were already taken care of, some of them remained unresolved or only partially resolved. We’ve gathered our observations and provided the client with the second audit results.

The project was an invaluable experience for our team and gave us a chance to broaden our skills, while at the same time using our knowledge to help those in need navigate through their situation with more ease.

Technologies used

  • SonarQube,
  • WebStorm.
