Code Hunter

Hunt out weak spots in your rails application with 3 static metrics tools:

  • Brakeman - A static analysis security vulnerability scanner for Rails
  • RailsBestPractices - A code metric tool for rails projects
  • Pendaxes - A tool to detect pendings in spec files


$ gem install code_hunter


$ code_hunter --help
Usage: code_hunter [options]
        --application-path=          (default:    ./) rails application root path
        --format=                    (default:  yaml) output format (yaml or json)
        --no-brakeman                (default: false) disable brakeman
        --no-pendaxes                (default: false) disable pendaxes
        --no-rails-best-practices    (default: false) disable rails-best-practices

$ code_hunter --application-path /path/to/rails/root
- :service: brakeman
  :line: 8
  :path: config/routes.rb
  :message: All public methods in controllers are available as actions in routes.rb
    near line 8
  :sha1: 81887a2fb6efaa9dae59425ce7537c7905516ed0
  :author: Ryo Nakamura
  :email: [email protected]
  :modified_at: 1357783853
- :service: rails_best_practices
  :line: 9
  :path: config/routes.rb
  :message: ! 'restrict auto-generated routes examples (only: [])'
  :sha1: 81887a2fb6efaa9dae59425ce7537c7905516ed0
  :author: Ryo Nakamura
  :email: [email protected]
  :modified_at: 1357783853

$ code_hunter --application-path /path/to/rails/root --format json
[{"service":"brakeman","line":8,"path":"config/routes.rb","message":"All public methods in controllers are available as actions in routes.rb near line 8","sha1":"81887a2fb6efaa9dae59425ce7537c7905516ed0","author":"Ryo Nakamura","email":"[email protected]","modified_at":1357783853},{"service":"rails_best_practices","line":9,"path":"config/routes.rb","message":"restrict auto-generated routes examples (only: [])","sha1":"81887a2fb6efaa9dae59425ce7537c7905516ed0","author":"Ryo Nakamura","email":"[email protected]","modified_at":1357783853}]


If you want to ignore some warnings, write # ignore annotation as code comment.
If the detected line hits /#\s*ignore/i, it is ignored.

dangerous_but_necessary_code # ignore
dangerous_but_necessary_code # IGNORE
dangerous_but_necessary_code # Ignore for some reason


  • Ruby >= 1.9