Ruby Code Quality Metrics and Security

Code Climate is a great web-tool to check code complexity, duplications and security vulnerabilities. Internally, code climate uses Flog to calculate code complexity and BrakeMan for security vulnerabilities. But it checks only when we commit code to Git.

We can check code complexity and security issues before committing to git.

For code complexity:

  1. install flog

    gem install flog

  2. Goto project root path and run command:

find path_of_file -name *.rb | xargs flog

For example: find app/controllers/application_controller.rb -name *.rb | xargs flog

It will display the total complexity for the class, complexity per method and complexity of individual methods on terminal itself.

For security issues:

  1. install brakeman

gem install brakeman

  1. Goto project root path and run command:

    brakeman (this will give output in terminal itself)

    brakeman -o brakeman.html (this will create brakeman.html in project root with results)

We can use other options with brakeman. Please refer github repo( for options available.

Recently, Code Climate has added a post in their blog describing Complexity, duplication, etc in detail.

Link ->