How do you prevent your application from deteriorating over time? Or even improve your coding skills? That’s a question a lot of developers ask. I like to include some handy tools that help me check the state of an application and its code. Since everything is changing so rapidly, it is sometimes hard to keep up with new releases and security vulnerabilities.
That is why I like to include these gems in my projects: they keep me up to date with what is moving and help me provide better code quality in the end.
If you do know any other useful tools, feel free to let me know.
bundler-audit : bundler-audit checks for vulnerable versions of gems listed in your Gemfile.lock. It tells you when it’s time to upgrade a gem and if there are any issues with the currently used gems. It uses the ruby-advisory-db, which in turn fetches data from OSVDB, an open source vulnerability database.
bundle_outdated : bundle_outdated is a simpler version of bundler-audit. It analyses your Gemfile and Gemfile.lock to find out if any gems in your project could be updated.
brakeman : brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. It works for Rails 2.X, 3.X and 4.X. You can output the reports in different formats like text, HTML, JSON, Markdown or CSV. It is very configurable, so you can tell it what you want to test for specifically.
rubocop : rubocop is a static code analyser. While brakeman will scan for security vulnerabilities, rubocop will analyse your code against the guidelines outlined in the community Ruby Style Guide. A big plus is that you don’t have to follow all the guidelines. You can easily configure rubocop and customize what it needs to check for and what you consider less grave.
rails_best_practices : rails_best_practices is a code metric tool to check the quality of Rails code against the known best practices.
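To make the bundler-audit entry more concrete, here is an added example (not from the original post and not bundler-audit's own code) that models the kind of check it performs: read the resolved versions out of a Gemfile.lock and compare them against advisory entries. The lockfile, gem names and advisory IDs are constructed, and the advisory fields are assumed to follow the `patched_versions` / `unaffected_versions` layout of ruby-advisory-db entries.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed Gemfile.lock excerpt (gem names and versions are made up).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.3)
        helpergem (>= 0.5)
      helpergem (0.9.0)
      safegem (2.4.1)

  DEPENDENCIES
    examplegem
    safegem
LOCK

# Constructed advisories with placeholder IDs; the field names are modelled on
# ruby-advisory-db entries (gem, patched_versions, unaffected_versions).
ADVISORIES = [
  { id: "EXAMPLE-0001", gem: "examplegem", patched: ["~> 1.2.5", ">= 1.3.1"], unaffected: ["< 1.0.0"] },
  { id: "EXAMPLE-0002", gem: "safegem",    patched: [">= 2.4.0"],             unaffected: [] },
  { id: "EXAMPLE-0003", gem: "helpergem",  patched: [">= 1.0.0"],             unaffected: [] }
].freeze

# Resolved gems sit exactly four spaces deep under "specs:". Six-space lines
# are dependency constraints, not installed versions, so they are skipped.
def locked_versions(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([^)]+)\)$/).to_h { |name, v| [name, Gem::Version.new(v)] }
end

# True when the version matches at least one of the requirement strings.
def satisfied?(requirements, version)
  requirements.any? { |r| Gem::Requirement.new(*r.split(",").map(&:strip)).satisfied_by?(version) }
end

# A locked gem is flagged when its version is neither patched nor unaffected.
def audit(lockfile, advisories)
  versions = locked_versions(lockfile)
  advisories.map do |adv|
    version = versions[adv[:gem]]
    next if version.nil? || satisfied?(adv[:patched], version) || satisfied?(adv[:unaffected], version)
    { id: adv[:id], gem: adv[:gem], version: version.to_s }
  end.compact
end

audit(LOCKFILE, ADVISORIES).each { |f| puts "#{f[:gem]} #{f[:version]} is affected by #{f[:id]}" }
```

Note that helpergem is flagged even though it never appears in the Gemfile: the lockfile also pins transitive dependencies, which is why the audit reads Gemfile.lock rather than the Gemfile.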