Code Reviewing a Ruby on Rails application

Jul 3, 2023
8 min read
1519 words

Ruby is a programming language that is often praised for its simplicity, elegance, and expressiveness. Just like any other programming language, it's important to focus on writing good quality code to ensure that the applications we build are reliable, scalable, and easy to maintain. Writing high-quality, maintainable Ruby code is essential for developing applications. Performing regular code reviews and using code quality tools can help catch problems early and improve your code over time. This article explores some of the best options for Ruby code reviews and quality analysis.

Importance of Code Review in Ruby on Rails Development

Code reviews are an important practice in software development that can:

Maintain code quality

By having another set of eyes review the code, issues like inefficient algorithms, poor variable names, unnecessary complexity, and bad practices can be caught and corrected before the code is merged. This helps maintain a consistent code style and quality standard.

Improve collaboration

The code review process involves a discussion between reviewers and authors, sharing knowledge and best practices. This fosters communication and collaboration between team members.

Best Practices to Ensure Better Code Quality of Your Software in 2023

Reduce bugs

Catching bugs early during code reviews is much cheaper and faster than fixing them later after the code has been merged and released. This significantly improves software reliability.

6 Proven Tips To Prevent Software Bugs For Developers

Opportunities for refactoring

Reviewers may spot opportunities to refactor or restructure code in a more maintainable way. This can improve the design and architecture of the codebase over time.

7 Code Refactoring Techniques in Software Engineering - GeeksforGeeks

Share knowledge

Junior developers can learn good coding practices and design patterns by reviewing the code of more experienced developers, and vice versa.

Encouraging Teamwork Through Knowledge Sharing - ASPHN

Performance issues are identified

Reviewers may spot performance bottlenecks, inefficient algorithms or resource usage issues that impact performance. These can be addressed before the code is merged.

Website Performance & Health Monitoring: Tips & Best Practices

Common Challenges in Ruby on Rails Code

When working with Ruby on Rails code, developers often face various challenges that can impact the overall quality of their applications. These challenges can range from performance bottlenecks and scalability concerns to security vulnerabilities. Addressing these common challenges is crucial.

Here are some common challenges developers face when working with Ruby on Rails code:

Performance bottlenecks

Performance bottlenecks in Ruby on Rails occur when certain parts of the code or system architecture significantly slow down the application's performance. Let's consider an example to illustrate this:

# Slow query due to inefficient use of ActiveRecord
@users = User.all
@users.each do |user|
  user.orders.each do |order|
    # Perform some calculations or operations on each order
# Optimized query
@users = User.includes(:orders)
@users.each do |user|
  user.orders.each do |order|
    # Perform some calculations or operations on each order

The above-unoptimized code, makes a separate database query to fetch each user's orders, resulting in N + 1 queries total where N is the number of users.

The optimized code uses eager loading to fetch all user data and all order data in 2 queries. This reduces the number of queries from N + 1 to a constant number, improving performance.

Scalability concerns

As traffic and data volumes increase, Rails applications can struggle to scale vertically on a single server. Scaling horizontally across multiple servers and databases requires additional configuration and tooling.

Security vulnerabilities

Like any framework, Rails has had security vulnerabilities over the years that require patching. Developers must keep dependencies up to date and follow secure coding practices.

Code readability problems

Rails aims for convention over configuration, but this can result in "magic" that makes the code less readable for new developers. Over time, the codebase can become cluttered and difficult to navigate.

Dependency management

Rails has a large number of dependencies that must be managed and kept up to date. Outdated dependencies can introduce security vulnerabilities or cause compatibility issues.

Database migration issues

Rails uses Migrations to manage database schema changes, but over time these can become complex and difficult to maintain. Schema refactoring may be required.

Tools for Ruby on Rails Code Review


RuboCop is a Ruby static code analyzer (a.k.a. linter) and code formatter. Out of the box it will enforce many of the guidelines outlined in the community Ruby Style Guide. Apart from reporting the problems discovered in your code, RuboCop can also automatically fix many of them for you.

rubocop                                # Check entire project
rubocop --auto-correct                 # Automatically correct offenses
rubocop --only Rails/ActionFilter      # Check specific cop


  • Enforces a consistent Ruby style across the codebase. This makes the code easier to read and maintain for other developers.

  • Finds potential bugs and errors early. RuboCop will detect issues like syntax errors, unused parameters, missing translations, etc.

  • RuboCop rules can catch issues that make tests fragile or hard to write.

  • Consistent code style across a Rails app makes it easier for new developers to understand and maintain the codebase.


Reek is a code smell detection tool for Ruby that helps identify potential design issues. It analyzes your codebase and provides feedback on areas that might benefit from refactoring or improvement. Here's an overview of what Reek is and how to use it:

reek app/                                  # Check whole app directory
reek -c reek.yml app/models/*.rb           # Check models with config

GitHub - troessner/reek: Code smell detector for Ruby


  • Reek analyzes your Ruby code and detects potential problems like feature envy, long parameter lists, etc. This helps catch issues before they become serious problems.
  • By reducing code smells, Reek helps make your Rails code more readable and easier for new developers to grasp.
  • For detected code smells, Reek can provide concrete suggestions to improve the code.


Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. It finds potential security issues in Rails applications by examining the Ruby code. Brakeman helps find and fix security holes before deploying your Rails app.

brakeman                          # To run brakeman
brakeman your_rails_app           # Add path of the folder
brakeman -A                       # To run all the checks
brakeman -q                       # To suppress informational warning


  • Brakeman analyzes your Rails code to detect common security issues like SQL injection, XSS, remote code execution, and more.

  • Brakeman has checks for vulnerabilities that are specific to Ruby on Rails like mass assignment, unsafe redirects, and strong parameters.

  • By identifying and fixing vulnerabilities, Brakeman helps make your Rails app more secure.

  • Manually scanning code for security issues is time-consuming. Brakeman automates most of this work.


RSpec is a testing framework for Ruby that is widely used in the Ruby on Rails community. It allows developers to write and execute automated tests. RSpec promotes behavior-driven development (BDD) by providing a readable syntax for describing the expected behavior of the application.

bundle exec rspec                   # Run all spec files
bundle exec rspec -fd               # Run specs with failures/pending
bundle exec rspec path/to/spec.rb   # Run specific spec


  • RSpec uses a natural English-like syntax that makes specs easy to read and understand.

  • With automated tests, developers get faster feedback on whether code changes broke any functionality. This speeds up development.

  • RSpec's plugin architecture makes it easy to extend the framework with custom matchers, helpers, and more.


Flay analyzes ruby code for structural similarities. Differences in literal values, names, whitespace, and programming style are all ignored. Flay helps reduce code duplication and keep your code DRY (Don't Repeat Yourself).

flay .             # Analyzes the code within the current directory
flay --diff .      # Shows a side-by-side diff of the duplicated code

flay, a linter for Ruby - Rating And 47 Alternatives | Analysis Tools


  • Flay can detect duplicated methods, classes, and blocks of code that could be refactored into a shared method or module.

  • By identifying duplicated code, Flay helps developers reuse existing code rather than duplicating it. This reduces maintenance effort.

  • You can set the similarity threshold above which Flay will report a possible duplication.

  • For duplicated code, Flay can suggest ways to extract that code into a shared method or module.

  • As your Rails codebase grows, Flay continues to find new duplicated code that can be improved.

Wrapping up

In conclusion, code reviews are essential for high-quality Ruby on Rails applications. They catch issues early, improve consistency and transfer knowledge between developers. Though time-consuming initially, code reviews save much more time by reducing bugs and improving maintainability. Start small with partial code reviews and expand coverage over time as the team adapts. The benefits to code quality, productivity and sustainability make code reviews a best practice for any Rails development process. Implementing regular code reviews should be a top priority for any team-building.

Jatin's Newsletter

I write monthly Tech, Web Development and chrome extension that will improve your productivity. Trust me, I won't spam you.

Share on Social Media: