SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Ruby

Ruby static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your RUBY code

  • All rules 75
  • Bug17
  • Security Hotspot2
  • Code Smell56
Filtered: 3 rules found
configuration
    Impact
      Clean code attribute
        1. Rails applications should define a root route with proper controller#action syntax

           Bug
        2. Environment variables should be validated or have default values

           Bug
        3. Asset compilation should be disabled in production environments

           Code Smell

        Asset compilation should be disabled in production environments

        intentionality - efficient
        maintainability
        Code Smell
        • rails
        • performance
        • configuration

        This rule raises an issue when config.assets.compile is set to true in Rails production environment configuration files.

        Why is this an issue?

        How can I fix it?

        More Info

        Enabling asset compilation in production environments creates significant performance problems for Rails applications.

        When config.assets.compile = true is set in production, the Rails asset pipeline compiles assets on-demand during runtime. This means every request for a CSS, JavaScript, or image file must be processed by Sprockets, the Rails asset compilation engine.

        This live compilation approach has several serious drawbacks:

        • Performance overhead: Each asset request requires compilation processing, adding latency to page loads
        • Server resource consumption: The compilation process uses CPU and memory resources that should be dedicated to serving user requests
        • Missing optimizations: Live compilation bypasses important production optimizations like asset minification, compression, and fingerprinting
        • Caching issues: Dynamically compiled assets are harder to cache effectively, both on the server and in browsers
        • Deployment complexity: Production servers need development dependencies like JavaScript runtimes for compilation

        The Rails framework defaults to config.assets.compile = false in production for good reason. Assets should be precompiled during the deployment process using rake assets:precompile, which creates optimized, compressed, and fingerprinted versions that can be served efficiently by web servers.

        What is the potential impact?

        Applications with asset compilation enabled in production will experience slower page load times, increased server resource usage, and reduced scalability. Users will face longer wait times when loading pages, especially those with many CSS and JavaScript files. The server will consume more CPU and memory for asset processing instead of handling user requests, potentially leading to performance bottlenecks under load.

          Available In:
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use