A list of things that can/should be tested, preferably before commit/receive.
- SimianArmy
- muhafiz
- appCanary - Monitor servers for vulnerabilities
- UTF-8 BOM
- ruby-toolbox/rails_instrumentation
- ruby-toolbox/code_metrics
- Production Rails
- Secure Rails
- https://github.com/markets/awesome-ruby#code-analysis-and-metrics (+ possibly others on the page)
- https://github.com/sdogruyol/awesome-ruby#code-analysis-and-linter
- bullet - help to kill N+1 queries and unused eager loading
- rails_best_practices - a code metric tool for rails projects
- brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
- reek - Code smell detector for Ruby
- codesake-dawn - Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
- rack-attack - Rack::Attack - Rack middleware for blocking & throttling
- bundler-audit - Patch-level verification for Bundler - Checks for vulnerable versions of gems
- Is it vulnerable? - Check gems for vulnerabilities
- Inch - A documentation analysis tool for the Ruby language (Also Inch CI)
- Active Record Doctor - A cure for your Active Record ailments. (index unindexed foreign keys, detect extraneous indexes)
- HAML
  - Consistent tabs - http://haml.info/docs/yardoc/#indentation
- Security
  - Are you throttling password guesses? Use Devise Lockable, Rack::Attack etc.
- Redundant close tag (?>) at EOF, especially if there is whitespace after it