Computer programs aren’t great at writing software to solve business problems, but they’re really good at analyzing and critiquing software that squishy humans have written. They’re the know-it-alls who point out every little problem with your code.
In your journey towards becoming a better software engineer, static analysis tools are absolutely essential.
Here are some of our favorite static analysis tools for Ruby applications.
Local Tools
These are all installed and run locally on your machine.
RuboCop
RuboCop is a code formatter and style guide; every Ruby developer should be using this! It’s easy to integrate with VS Code and other IDEs.
bundler-audit
bundler-audit checks for vulnerable dependencies.
Brakeman
brakeman is a security-focused static analysis tool for Ruby applications.
Rails Best Practices
rails-best-practices analyses your Rails application and provides feedback based on best practices.
RubyCritic
rubycritic wraps around other static analysis tools (reek, flay, and flog) to create quality reports of Ruby code.
SonarQube
SonarQube is a powerful tool that provides excellent feedback and analysis in three key areas: Reliability, Security, and Maintainability. We love it because it creates a comprehensive web-based dashboard that is easy to review.
Hosted Solutions
These tools integrate with your repositories and perform analysis on a hosted platform.
Code Climate
Code Climate provides excellent, configurable feedback on code quality. It’s a great way for teams to assess the overall quality of their codebase, and to identify problem areas that need prioritizing.
Caveats
It’s important to take the results of a static analysis with a grain of salt and keep things in context.
For example, here are the results of Code Climate analyses for popular repositories:
- Bitcoin: 5/5
- Ruby on Rails: 3/5
- Express: 3/5
- Angular: 3/5
- Docker: 3/5
- Node: 2/5
- Babel: 2/5
- Materialize: 2/5
- Git: 2/5
- React Bootstrap: 2/5