No commit activity in last 3 years
No release in over 3 years
Rails Audit

Runs multiple audit and review tools to ensure quality and security of Rails projects

Usage

gem install rails-audit
rails-audit

Minor versions of the audit tools are fixed for a specific version of this gem. Apart from bug fixes in those tools, the code audit results should thus not vary if a specific version of this gem is included in a project's bundle.

Configuration

Additional parameters can be passed to any audit's binary by using a config/audit.yml file. A configuration for cane could look like the following:

Cane:
  Parameters: '--style-measure 120 --no-doc'

This can also be used to extend the command and e.g. redirect the output. (WARNING: This has obvious security implications, because the parameter string is appended to the shell command verbatim!) Suppressing the license_finder spinner, which is a good idea in CI, would work like this:

LicenseFinder:
  Parameters: '>/dev/null'

The audits' names are camel cased in the configuration file. They may be disabled like this:

BundleAudit:
  Enabled: false

Rails support may be disabled. Only pure Ruby audits are then executed:

Rails: false

To improve output at the expense of time, concurrency can be disabled:

Concurrency: false
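The following Ruby script is an added example, not rails-audit's own code, that shows how a config/audit.yml of the shape described above (per-audit Parameters, Enabled: false, Rails: false, Concurrency: false) would be turned into audit commands. It builds the verbatim string form the README implies (which is why '>/dev/null' works as a redirection) beside a hardened argv form that refuses shell metacharacters and can be passed to system(*argv) without a shell. The AUDITS table, the binary names, and the split between Rails-only and pure-Ruby audits are assumptions made for the example, and the embedded config is constructed sample input.

```ruby
require "yaml"
require "shellwords"

# Constructed sample config/audit.yml, embedded so the example runs offline.
SAMPLE_CONFIG = <<~YAML
  Rails: false
  Concurrency: false
  Cane:
    Parameters: '--style-measure 120 --no-doc'
  LicenseFinder:
    Parameters: '>/dev/null'
  BundleAudit:
    Enabled: false
YAML

# Hypothetical audit table: config name (camel cased, as in the README), binary, and
# whether the audit needs Rails. The Rails-only classification is an assumption
# drawn from the README's one-line descriptions of each tool.
AUDITS = {
  "Brakeman"           => { binary: "brakeman",             rails: true  },
  "BundleAudit"        => { binary: "bundle-audit",         rails: false },
  "Cane"               => { binary: "cane",                 rails: false },
  "ConsistencyFail"    => { binary: "consistency_fail",     rails: true  },
  "LicenseFinder"      => { binary: "license_finder",       rails: false },
  "RailsBestPractices" => { binary: "rails_best_practices", rails: true  },
  "RuboCop"            => { binary: "rubocop",              rails: false },
}.freeze

# Characters that would let a Parameters value alter the command rather than the tool.
SHELL_META = /[;&|<>`$()]/

def load_config(yaml_text)
  YAML.safe_load(yaml_text) || {}
end

# An audit runs unless it is switched off explicitly or it needs Rails while Rails: false.
def audit_enabled?(config, name)
  return false if config["Rails"] == false && AUDITS[name][:rails]
  section = config[name]
  !(section.is_a?(Hash) && section["Enabled"] == false)
end

def enabled_audits(config)
  AUDITS.keys.select { |name| audit_enabled?(config, name) }
end

# Verbatim form: the parameter string is appended unchanged, so '>/dev/null' becomes
# a redirection, and any other shell construct in the config would be honoured too.
def shell_command(config, name)
  params = config.dig(name, "Parameters").to_s
  [AUDITS[name][:binary], params].reject(&:empty?).join(" ")
end

# Hardened form: split into argv and reject shell metacharacters, so the result can be
# run as system(*argv), which never invokes a shell. Output suppression then belongs to
# the caller (e.g. system(*argv, out: File::NULL)) instead of to config text.
def safe_argv(config, name)
  params = config.dig(name, "Parameters").to_s
  if params.match?(SHELL_META)
    raise ArgumentError, "#{name}: Parameters contain shell metacharacters: #{params.inspect}"
  end
  [AUDITS[name][:binary], *Shellwords.split(params)]
end

if __FILE__ == $PROGRAM_NAME
  config = load_config(SAMPLE_CONFIG)
  puts "Concurrency: #{config.fetch('Concurrency', true)}"
  enabled_audits(config).each do |name|
    puts "#{name}: #{shell_command(config, name)}"
    begin
      puts "  argv: #{safe_argv(config, name).inspect}"
    rescue ArgumentError => e
      puts "  rejected: #{e.message}"
    end
  end
end
```

With the sample config, Rails: false drops Brakeman, Consistency Fail and rails_best_practices, Enabled: false drops BundleAudit, and the LicenseFinder entry is accepted by the verbatim builder but rejected by the argv builder, which is the trade-off the README's warning refers to.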

Audits

Brakeman is a security scanner for Rails.

bundler-audit checks Gemfile.lock for any insecure gem versions.

Cane is a code quality checker. Configuration is done by parameters.

Consistency Fail detects missing unique indexes in Rails projects.

License Finder checks Gemfiles for any dependencies with unapproved licenses. Approval and whitelisting are done through the license_finder binary.

rails_best_practices checks code for violations of the Rails Best Practices list. Configuration is done in the rails_best_practices.yml file, which can be generated using rails_best_practices -g.

RuboCop checks code for violations of the Ruby Style Guide. Configuration is done in the .rubocop.yml file. Rails cops are included automatically depending on whether or not Rails audits are enabled.