Tools for auditing Rails applications
- “Code reviewer”
- Static code analysis (lint/style)
  - Rubocop
  - MetricFu - includes most others
  - Reek
  - Flay - code similarities
  - RailsBestPractices
  - Fasterer
  - Debride
  - RubyCritic
  - https://github.com/CoralineAda/fukuzatsu
  - https://github.com/amatsuda/traceroute - Find unused routes/controller actions
  - https://github.com/seattlerb/flog
  - grep
      grep -ir "todo" app
      grep -ir "has_and_belongs_to_many" app
- Template analysis/lint:
  - erblint - Lints ERB or HTML files.
  - haml-lint - Keeps HAML files clean and readable.
  - markdownlint - Lints Markdown files.
  - puppet-lint - Checks Puppet manifests for conformity with the style guide.
  - scss-lint - Lints SCSS files.
  - slim-lint - Lints Slim templates.
  - yard-junk - Lints YARD documentation.
- Static code analysis for security
  - Gemfile analysis
    - https://github.com/rubysec/bundler-audit - Patch-level verification for Bundler
    - https://github.com/rubymem/bundler-leak - Gem memory leak checking
    - https://github.com/appfolio/gemsurance - Gem vulnerability checker using rubysec/ruby-advisory-db
    - https://github.com/nevir/Bumbler - find slow-loading gems
    - Check whether any gems are sourced from forks you do not control; such a fork can be changed or deleted from under you.
- Upgrading Rails
- N+1 detection
  - Bullet gem + tests
- Code coverage
  - SimpleCov + tests
  - Production: https://github.com/danmayer/coverband
  - Keep your code coverage feedback loop short: https://github.com/grodowski/undercover
- Ruby version analysis
  - https://github.com/civisanalytics/ruby_audit
- ORM+schema consistency check
  - https://github.com/gregnavis/active_record_doctor
  - https://github.com/trptcolin/consistency_fail
  - https://github.com/plentz/lol_dba
  - https://github.com/matthuhiggins/foreigner
  - https://github.com/KevinColemanInc/yeet_dba
  - https://github.com/djezzzl/database_consistency
  - https://github.com/jenseng/immigrant
  - https://github.com/ankane/strong_migrations
- Licensing check:
  - license_finder - avoid GPL gems
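The fork check listed under Gemfile analysis has no dedicated tool in the list above. As an added example (not from the original post, and not a feature of bundler-audit or any other gem named here), the Ruby script below parses the GIT sections of a Gemfile.lock and reports every gem whose git remote is owned by someone outside an allow-list. The allow-list `ALLOWED_GIT_OWNERS`, the helper names and the sample lockfile are all constructed for illustration.

```ruby
# Added example (not from the original post): scan a Gemfile.lock for gems that
# Bundler fetches from git remotes and report any remote whose GitHub owner is
# not on an allow-list of organisations you control. Owners, gem names and
# revisions below are constructed sample data, not a real project's lockfile.

# Hypothetical allow-list: orgs/users whose repositories you control or trust.
ALLOWED_GIT_OWNERS = %w[rails mycompany].freeze

# Constructed Gemfile.lock excerpt in the layout Bundler writes.
SAMPLE_LOCKFILE = <<~LOCK
  GIT
    remote: https://github.com/rails/rails.git
    revision: 0123456789abcdef0123456789abcdef01234567
    branch: main
    specs:
      rails (7.1.0)

  GIT
    remote: git@github.com:someuser/devise.git
    revision: fedcba9876543210fedcba9876543210fedcba98
    specs:
      devise (4.9.3)
        railties (>= 4.1.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    devise!
    rails!
    rake
LOCK

# Return one hash per gem in a GIT section: name, remote URL, GitHub owner
# (nil for non-GitHub remotes) and the pinned revision.
def git_sourced_gems(lockfile_text)
  # Top-level sections start with an all-caps word at column 0 (GIT, GEM, PATH, ...).
  lockfile_text.split(/^(?=[A-Z][A-Z ]*$)/).flat_map do |section|
    next [] unless section.start_with?("GIT\n")

    remote   = section[/^ {2}remote: (\S+)/, 1].to_s
    revision = section[/^ {2}revision: (\S+)/, 1]
    # Gems provided by this checkout sit at exactly four spaces of indent;
    # their own dependencies are listed deeper and are skipped.
    names = section.scan(/^ {4}([A-Za-z0-9_.-]+) \(/).flatten
    owner = remote[%r{github\.com[:/]([^/]+)/}, 1]

    names.map { |name| { name: name, remote: remote, owner: owner, revision: revision } }
  end
end

# Gems whose git remote owner is missing from the allow-list; remotes on
# unknown hosts have a nil owner and are therefore reported too.
def untrusted_git_gems(lockfile_text, allowed_owners = ALLOWED_GIT_OWNERS)
  git_sourced_gems(lockfile_text).reject { |gem| allowed_owners.include?(gem[:owner]) }
end

# Run directly: ruby gemfile_fork_check.rb [path/to/Gemfile.lock]
if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  untrusted_git_gems(text).each do |gem|
    puts "#{gem[:name]} is fetched from #{gem[:remote]} (owner: #{gem[:owner] || 'unknown'}), " \
         "pinned at #{gem[:revision] || 'NO REVISION'}; owner is not on the allow-list"
  end
end
```

Against the sample lockfile the script reports devise, because its remote belongs to someuser rather than an allowed owner. A pinned revision protects you from silent content changes but not from the fork being deleted, so the usual remediation is to mirror the fork into an organisation you control and point the Gemfile at that mirror; bundler-audit complements this by checking the resolved versions against the advisory database.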
That's it for this post, thanks for reading!