# Rails Audit

Runs multiple audit and review tools to ensure quality and security of
Rails projects

## Usage

    gem install rails-audit
    rails-audit

## Audits

Additional parameters can be passed to any audit's binary by using an .audit.yml
file. A configuration for cane could look like the following:

    Cane:
      Parameters: '--style-measure 120 --no-doc'

The audits' names are camel cased in the configuration file. They may be
disabled like this:

    BundleAudit:
      Enabled: false

Rails support may be disabled. Only pure Ruby audits are then executed:

    Rails: false

### [Brakeman](http://brakemanscanner.org/)

Brakeman is a security scanner for Rails.

### [bundler-audit](https://github.com/rubysec/bundler-audit)

bundler-audit checks Gemfile.lock for any insecure gem versions.

### [Cane](https://github.com/square/cane)

Cane is a code quality checker. Configuration is done by parameters.

### [Consistency Fail](https://github.com/trptcolin/consistency_fail)

Consistency Fail detects missing unique indexes in Rails projects.

### [License Finder](https://github.com/pivotal/LicenseFinder)

License Finder checks Gemfiles for any dependencies with unapproved licenses.
Approval and whitelisting is done through the license\_finder binary.

### [rails\_best\_practices](https://github.com/railsbp/rails_best_practices)

rails\_best\_practices checks code for violations of the [Rails Best Practices list](http://rails-bestpractices.com/). Configuration is done in the rails\_best\_practices.yml file, which can be generated using `rails_best_practices -g`.

### [Rubocop](https://github.com/bbatsov/rubocop)

Rubocop checks code for violations of the [Ruby Style Guide](https://github.com/bbatsov/ruby-style-guide). Configuration is done in the .rubocop.yml file.
Rails cops are included automatically depending on whether or not Rails audits
are enabled.