Unfortunately it seems that the database world lags a bit behind the code world in terms of tooling and approaches.

Products like SonarQube help in the code world as they allow a certain amount of self-policing. SonarQube does support PL-SQL but I'm not sure it supports T-SQL properly. I have heard that it expects databases to be installed as case sensitive which opens up a can of worms.

Beyond the "Yes we have code reviews" I would ask how you approach code reviews. I deliberately picked 2 nit picking curmudgeons to review my code because they could be guaranteed to find something wrong. If I could satisfy them then the code was a good as it could be. Mind you each of the other 2 curmudgeons used to use me for code reviews so what does that say about me:doze:

Manual code reviews are fine up to a point but having watched the code development world I think we need to make automated code reviews more of a priority.

Grant Fitchley reviewed SQLCop [/url]and there are others out there.

The beauty of mechanical reviews is that they are impartial and a yard stick against which you can measure yourself. Personalities don't come into play. There is no falling out between colleagues because of differences of opinion.

The other key advantage of products like SonarQube is that they provide useful metrics and also present metrics that will appease meddling managers. The worst thing you can do is introduce a process that generates a heavy weight measuring process that need to be "managed".