Building with Rails often feels straightforward until it’s time to make sure your codebase is healthy. From security checks and dependency audits to style enforcement and coverage reports, each needs its own tool, and keeping them all in sync is rarely smooth.
For many teams, audits end up scattered across scripts, folders, and half-finished reports. It works, but it’s far from efficient. To address this challenge, Sivamanikandan from RailsFactory introduced a new gem: rails_code_auditor.
Why auditing Rails apps can be frustrating
Auditing isn’t just about running a security scanner once in a while. It usually means juggling multiple utilities such as Brakeman, RuboCop, SimpleCov, rails_best_practices, and others. Each produces output in a different format, and pulling them together into a clear picture takes time.
The common problems look like this:
- Results spread across different directories and formats.
- Reports that make sense to developers but confuse project managers.
- Incomplete snapshots of the codebase, leading to overlooked issues.
- Wasted hours preparing “audit summaries” for stakeholders.
The process becomes slow, repetitive, and too easy to push aside until problems escalate.
What rails_code_auditor does differently
rails_code_auditor combines these scattered steps into one. With a single command, it runs a suite of checks and delivers clear, consolidated reports.
The gem covers a wide spectrum:
- Security checks (Brakeman) to flag vulnerabilities.
- Dependency audits (Bundler Audit) for unsafe gems.
- Style consistency (RuboCop) to align code formatting.
- Rails conventions (rails_best_practices) for best practice reminders.
- Code complexity and smells (Reek, Flog) to highlight maintainability issues.
- Duplication detection (Flay) to catch repeated code.
- Test coverage (SimpleCov) for visibility on what’s tested.
- License scanning (License Finder) to spot compliance risks.
- Readable dashboards (RubyCritic) to make the findings visual.
- Performance hints (Fasterer) to address inefficient code.
Instead of piecing together results from multiple tools, you get one consistent report, making it easier to review, share, and act on.
Reports designed for clarity
The gem outputs everything into a report/ directory, with both HTML dashboards and ready-to-share PDFs.
That means developers can drill into details, while managers or non-technical stakeholders can view summaries that highlight strengths, risks, and priorities. By presenting results in a structured way, rails_code_auditor makes it easier to keep everyone aligned on the actual state of the codebase.
Optional AI assistance
rails_code_auditor also offers something new: the option to bring in local AI models (like LLaMA 3 through Ollama) for interpreting results.
When enabled, this layer goes beyond raw data. It can analyze summaries and suggest improvements, such as pointing out areas that need stronger tests or identifying code sections worth refactoring.
Importantly, everything runs locally, so teams maintain full control over their code and data.
Getting started
Installation is quick, and the steps are as follows:
Add to your Gemfile:
gem 'rails_code_auditor'
Then install and run:
bundle install
bundle exec rails_code_auditor
Reports appear automatically in the report/ folder. For AI-enabled insights, run:
bundle exec rails_code_auditor --use-llm
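As an added example (not from the gem or this article), here is a small POSIX shell wrapper for running the commands above in a CI job: it passes --use-llm only when a local Ollama endpoint answers, and fails the job unless HTML or PDF files actually landed in report/. The AUDITOR_CMD, REPORT_DIR and OLLAMA_URL overrides and the Ollama port 11434 are this script's own assumptions.

```shell
#!/bin/sh
# Added example, not part of rails_code_auditor: run the audit in CI and
# fail the step unless a report was written. AUDITOR_CMD / REPORT_DIR /
# OLLAMA_URL are assumptions of this script, not options of the gem.

# Emit --use-llm only when a local Ollama server answers (assumed default
# port 11434); the audit itself must still succeed with the LLM layer off.
llm_flag() {
  if curl -sf --max-time 2 "${OLLAMA_URL:-http://127.0.0.1:11434}/" >/dev/null 2>&1; then
    printf '%s' '--use-llm'
  fi
}

# Count the HTML dashboards and PDFs the gem writes under report/.
count_reports() {
  dir="${REPORT_DIR:-report}"
  [ -d "$dir" ] || { echo 0; return; }
  find "$dir" -type f \( -name '*.html' -o -name '*.pdf' \) | wc -l | tr -d ' '
}

# Run the auditor (the documented command unless overridden), then verify
# that the report directory is present and non-empty before passing the job.
run_audit() {
  cmd="${AUDITOR_CMD:-bundle exec rails_code_auditor}"
  dir="${REPORT_DIR:-report}"
  flag="$(llm_flag)"
  $cmd $flag || { echo "auditor exited non-zero" >&2; return 1; }
  n="$(count_reports)"
  [ "$n" -gt 0 ] || { echo "no HTML/PDF reports found in $dir/" >&2; return 2; }
  echo "audit produced $n report file(s) in $dir/ (llm: ${flag:-off})"
}

# Usage as a CI step: sh audit_ci.sh run
case "${1:-}" in run) run_audit ;; esac
```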
Why this matters for teams
Audits are critical, but they often slip because the process is clunky. rails_code_auditor makes them practical to run regularly, even as part of CI pipelines.
- Developers get faster feedback without jumping between tools.
- Teams track progress with repeatable benchmarks.
- Managers see clear, accessible reports without extra preparation.
- Risks around vulnerabilities and licenses surface early, not at the last moment.
It simplifies what was once a fragmented routine into a workflow that’s easier to adopt and sustain.
Sivamanikandan, who built this gem, has also worked on multiple open-source tools at RailsFactory, including Redmine plugins like MailTicketSyncPro and Cloud Attachment Pro. Like those projects, rails_code_auditor comes from solving real-world developer pain points and is openly available for the community to use and improve.
The roadmap already points to future enhancements, such as richer dashboards and more AI integrations, so the tool will continue evolving with input from the community.
Final thoughts
rails_code_auditor takes the scattered world of Rails audits and turns it into a single, reliable process.
For developers, it saves time.
For teams, it improves visibility.
For projects, it reduces risk.
It’s a practical step toward making audits part of regular development rather than a last-minute burden.
If you are ever looking for the right team for your Rails project, whether it’s scaling, upgrading, or just getting unstuck, feel free to reach out to our team at RailsFactory. We’re happy to help!