Let's build great things together
ONLY THIS MONTH
Schedule Free Code Audit
Your codebase was not reviewed for more than 2 years
Enhancing the performance and responsiveness of your application
Planning to build a new feature for your app
Looking for a new development team
Fixing software bugs before selling your app
Scaling your application
Improving your application’s maintainability
Assessing an app that you want to buy
Finding security vulnerabilities in your codebase and wondering how to get them fixed
Take a code audit to filter defects during the review of requirements for an update of your application
It also guides the technical development of your app when scaling and adding new features. As a result, you save time and money and don’t risk breaking your app.
After a JetRuby systems architect carefully audits your code, you will receive a detailed
Our core recommendations for your code.
A list of your code’s vulnerabilities and their locations
Our estimate to upgrade your code using industry-standard best practices
The standard tool used for code style and code quality checks in Ruby is rubocop. The project contains a config file for rubocop, but it was added in 2016 and was not updated since 2019. We made some minimal changes to this config to make rubocop run. With these changes rubocop reports:
Most issues (autofixable) are related to the code styling and can safely be applied or disabled in the config. On the other hand, non-autofixable issues need investigation, for they may reveal actual code issues.
Another tool we used is called Rails Best Practices. It reports 423 warnings. Some of the warnings are related to the code style and are not too important, while the others are. The rails_best_practices report file is attached to the current document.
Brakeman reports possible security vulnerabilities. At the moment of writing it reports
== Overview ==
== Warning Types ==
This is a pretty good result for the project of this age. There are no critical issues reported by brakeman. Non-critical issues/warnings should be fixed though. In general, security issues should always be prioritized.
The complete brakeman report is attached to this document.
The entire business logic of the application is implemented in models and controllers. The project almost doesn’t use the methods to organize the code, such as ServiceObjects or other ways of encapsulating business logic and organizing code with the help of design patterns.
Cyclomatic complexity is a measure of the number of paths through a particular piece of code. High cyclomatic complexity usually leads to difficulty in testing and a significant deterioration in the comprehensibility of the codebase.
The application contains 307 tables. These tables are highly interrelated.
The application uses optimization techniques such as splitting data into tables so that it could be easily filtered with table joins and indexes.
DB Schema contains a lot of indexes that should speed up a search (Now, there is no way to test how these indexes are really used by a DB planner).
Most of the tables are using Integer type for IDs, while since Rails 5.1 the Rails Core Team is advocating to use bigint (Update on Basecamp 3 being stuck in read-only as of Nov 8, 9:22am CST). For an application like this, it’s quite easy to reach the default integer max value, which could lead to an unexpected outage or switch the whole system to a read-only state.
Based on the information about the environment files, all environments are highly similar by configuration. This is a good indicator and reduces the chance of errors due to different environment settings.
The application didn’t have automated tests at all. That leads to problems with code refactoring and adaptation to new requirements. In addition, the codebase is quite large and has a lot of interconnections, which means the team will never know how any change will affect the whole system. So to prove that everything works, the business will need to invest more money in manual testing.
Tests are often used as documentation for developers to understand how the whole system works. So if there are no tests, it’s also necessary to create and support comprehensive technical documentation.
README project doesn’t contain helpful links such as API documentation, other documentation, third-party services used, as well as the development process accepted by the team, such as branching or/and deployment rules.
Bundler Audit results are perfect. That means that all the gems in the project don’t have known vulnerabilities or don’t use insecure connections.
Rubocop (ruby static code analyzer) with a default config resulted in 628 files inspected, 39155 offenses detected, 32120 offenses auto-correctable.
A big part of business logic on controllers with many filters will be a problem during the initial test suite setup. The team will need to understand every aspect of the specific part to write down even the most straightforward test examples.
The lack of code isolation (e.g., using PORO classes) deprives the team of the ability to write unit tests on isolated logic. It is easier to test the interaction of parts of the system with each other afterward.
The app follows Rails Way, which was very popular about ten years ago. But it is written without using development approaches that guarantee quality and make it easy to maintain. Such a codebase is complicated to work with and develop. Any change in requirements and new functionality is complicated to build in. And reusing existing logic is virtually impossible. Most controllers in an application depart from the REST standards for this very reason. Because of this, they become extremely large. On the implementation side, testing is just one of the first steps needed to refactor the application. Refactoring, in the long run, Refactoring will increase the development speed and Time To Market for new functionality while increasing the system's fault tolerance.
In the Gemfile of the project, there is also no bug tracker such as Sentry or its alternatives. This leads to the difficulty of catching bugs in the production environment.
Our teams should cooperate closely to start automated tests development because of the reasons above; this will increase the time required for high quality and complete coverage of the application by automated test scenarios.
We have extensive first-hand experience developing cutting-edge HIPPA-compliant, EHR, EMR, ERX, HCRM custom solutions. It allows us to save a lot of time and money for our new clients.
We develop custom, profitable solutions that can easily handle any flow of customers and provide stable business growth.
JetRyby’s marketplace solution OzMarkt allows you to build a fully custom marketplace with the features you need, making it a huge budget-saver for startups and small businesses.
From corporate virtual training platforms with complex infrastructure to microlearning applications with progress tracking.
•Social media apps
•SM Publishing & Scheduling Platforms
•Social Network Analytic Tools
•Online Reviews and Polling
Grow your real estate business with a custom digital solution built by Jetruby experts.
Now is a good time to lunch your on demand delivery app.We’ve built several apps in this field. So we’ll develop yours faster and cheaper.
•Vehicle Location tracking
•Nearest Gas Station
•Merchants Real-time Notifications
•Digital Wallet Apps
•Taxi Business apps
•Taxi Business for Corporations
•Car Rental apps
•Air Taxi apps
Optimize your farming processes with our industry-specific expertise.
•Satellite & Drones
•Flawless Registration Process
•Listings and Schedules
•Event Feed Optimization
•Search and Categories
•Multiple purchase options
•Quick, problem-free purchasing
•Track and show inventory
•Personalized customers' experience
•Supply chain management
•Customer behavior analysis
•Task time tracking
•Notifications and reminders
•Travel Itinerary Generator
•Weather or Climate Forecasting
•Location-Based Emergency Services
•In-App Language Translator
Diet and Nutrition apps, Workout and Personal trainer apps, Meditation and yoga apps, Activity tracking apps
We’ve done it all.
Freelancer vs Agency. Pros & Cons
How & Where to look for developers
26 questions to ask any developer
12 signs of a good and bad developer
Automated Developer Evaluation Matrix
Score every developer and hire the best one!
Developers Comparison Template
Most important decision-making information organized in one place.