At OmbuLabs we use popular open source tools to assess the complexity and test coverage of our clients' code bases, looking for critical issues and security vulnerabilities.
In order to perform static code analysis for our clients, we like to do the following steps:
- Generate a RubyCritic report of their source code. RubyCritic is an open source gem we help maintain that we use to measure the health of our client's code, searching for duplications and code smells and pointing out possible improvements.
The following is an example of the output of running RubyCritic on a repository:
- Review the most complex files that have the lowest test coverage, using SimpleCov data. SimpleCov is a tool that generates a report with the percent coverage of each of your files.
The following is an example of a Coverage Results Report. You can browse through it and view each individual source file and its coverage:
(Screenshot: Source File Coverage View)
- Compare the most churned files against the least covered files, again using SimpleCov data.
- Run Brakeman to find known security holes. Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications.
- Compile the most critical issues into a detailed report and share it with the client, to help define the best course of action to upgrade their application securely.
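The "complex or churned, but poorly covered" triage in the steps above can be automated by joining the two reports. The following is an added example (not OmbuLabs' own tooling): it reads SimpleCov's `.resultset.json` layout and a RubyCritic JSON report, then ranks files by complexity (or churn) weighted by uncovered lines. The RubyCritic field names (`analysed_modules`, `path`, `complexity`, `churn`), the sample data and the risk heuristic are assumptions for illustration.

```ruby
require "json"

# Constructed sample in the shape of a SimpleCov .resultset.json (0.18+ layout:
# each file maps to {"lines" => [hits per line, nil for non-relevant lines]}).
SIMPLECOV_RESULTSET = <<~EOS
  {"RSpec": {"coverage": {
    "/app/models/order.rb":     {"lines": [1, 1, 0, 0, null, 0, 0, 1]},
    "/app/models/user.rb":      {"lines": [1, 1, 1, null, 1, 1]},
    "/app/services/billing.rb": {"lines": [0, 0, 0, null, 0, 0, 0, 0, 0, 1]}
  }, "timestamp": 1700000000}}
EOS

# Constructed sample in the assumed shape of RubyCritic's JSON formatter output.
RUBYCRITIC_REPORT = <<~EOS
  {"analysed_modules": [
    {"path": "/app/models/order.rb",     "complexity": 120.4, "churn": 14, "rating": "C"},
    {"path": "/app/models/user.rb",      "complexity": 35.0,  "churn": 3,  "rating": "A"},
    {"path": "/app/services/billing.rb", "complexity": 88.9,  "churn": 22, "rating": "D"}
  ]}
EOS

# Percent of relevant (non-nil) lines executed at least once, keyed by file path.
def coverage_by_file(resultset_json)
  JSON.parse(resultset_json).values.flat_map { |run| run["coverage"].to_a }.to_h do |path, data|
    lines = data["lines"].compact           # drop nil entries: comments, blank lines, etc.
    covered = lines.count { |hits| hits > 0 }
    [path, lines.empty? ? 100.0 : (100.0 * covered / lines.size).round(1)]
  end
end

# Join both reports and rank files: high complexity (or churn) with low coverage first.
# The risk score (weight * uncovered fraction) is an assumed heuristic, not a tool output.
def prioritize(rubycritic_json, resultset_json, weight: :complexity)
  coverage = coverage_by_file(resultset_json)
  JSON.parse(rubycritic_json)["analysed_modules"].map do |mod|
    pct = coverage.fetch(mod["path"], 0.0)  # a file SimpleCov never saw counts as untested
    risk = mod[weight.to_s] * (100.0 - pct) / 100.0
    { path: mod["path"], coverage: pct, weight => mod[weight.to_s], risk: risk.round(1) }
  end.sort_by { |row| -row[:risk] }
end

if __FILE__ == $PROGRAM_NAME
  prioritize(RUBYCRITIC_REPORT, SIMPLECOV_RESULTSET).each { |row| puts row.inspect }
end
```

Pass `weight: :churn` to get the churn-versus-coverage ordering from the third step instead of the complexity-versus-coverage one.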