Code Review Tasks

Code Review tasks are great to use for tasks where you want a learner to need to review some form of code and need to read it to select a line and answer.

For example, you could specify misconfigured code, and the learner would need to identify the misconfigured line and the vulnerability it is associated with.

These tasks are ideal for scenarios where you want learners to develop their ability to read and analyze code critically. They are particularly useful for:

• Reinforcing secure coding principles by prompting learners to spot common flaws in real-world code examples.
• Assessing diagnostic skills, since learners must locate the exact line of concern and correctly categorize the vulnerability.
• Encouraging active engagement with the code, requiring learners to evaluate logic and flow rather than passively reading.
• Validating technical knowledge, where learners demonstrate an understanding of both coding practices and security concepts.
• Building pattern recognition, helping learners identify vulnerable coding patterns across different contexts and languages.

We recommend ensuring that the vulnerable line and correct classification are clearly supported by the lab content to provide a fair and effective challenge.

Building a Code review task

To build a Code review task:

1. From the Task Library, select the Code review task type and click Add.

2. Click Edit to configure your Code review task.  

   

3. The Title allows you to configure what appears as the title of the Code review, giving you the option to make it unique to your task. For example, "Select the line numbers containing the vulnerable code, then select the correct CWE identifier for the vulnerability."

4. From the Reset drop-down list, you can change the language, if desired. 

   

5. You can select the line the user has to select by clicking on the line inside the code window on the line.

    

   

   You can select as many lines as possible, but selecting multiple lines will mean the user will need to select all the lines for the answer to be correct.

   

   If you want to add multiple possible correct answers, you can do this by clicking Add solution at the bottom right, which will open a new tab.

   

   This can be highly useful if you want to add multiple correct lines but don't want the user to select all of the lines at once to have the answer accepted.

6. Answer options let you configure both the answer prompt (for example, "Select a vulnerability") and the set of choices. This gives you complete flexibility to tailor the options to your needs—whether you want learners to identify a vulnerability, select a misconfiguration, or choose another type of issue.

   

   You can remove answer options by clicking X or add new options by clicking Add option.

7. You can configure Answer Feedback, which allows you to set up hints and explanations for the code review task.

   • Hints appear when a learner selects an incorrect answer, helping guide them toward the correct line or vulnerability without giving it away outright. Well-crafted hints encourage critical thinking and reduce frustration by nudging learners in the right direction.
   • Explanations appear after the correct answer is chosen, reinforcing why it’s correct and clarifying why other options were incorrect. This helps learners consolidate their understanding and learn from mistakes.

   Using hints and explanations effectively enhances the learning experience by supporting self-correction, deepening understanding, and keeping learners engaged even when they struggle.

   

8. Click Save changes.