When is the Right Time to Do a Code Audit?

Team Avatar - Mikel Lindsaar
Mikel Lindsaar
November 23, 2018

If you depend on your Ruby on Rails application to generate more than a few thousand dollars of revenue or service to your customers, getting a regular professional code audit done on your application is vital.


Modern web-based applications are like living and breathing things. The rate of development in some Ruby on Rails applications can be truly breathtaking. The ability to write new features, and deploy them to every user of your system on the same day, or even in the same hour, is something that traditional software developers of old could only dreamed of.

This rapid development pace can come at a cost, usually represented in what our industry calls Technical Debt. But it also manifests in unreliable code, poorly performing code and probably, worst of all, security breaches.

If you are not writing code on your application day to day, it can be difficult to know when your application needs a full Code Audit. Here are some indicators that may highlight the need for an audit:

1) It’s Been More Than a Year Since your Last Code Audit

A lot can happen in a year, especially if you are constantly developing your application. Getting a regular code audit means that you can spot improvements and highlight hotspots that need attention in the coming 12 months.

Most Rails applications take only a week or two to complete a very thorough code audit, so getting them done once a year or so is not onerous.

2) Your Rate of Development is Slowing Down

If you notice that the features aren’t rolling off the line and out the door as fast as they once were, this is an indication of technical debt building up that will cripple your development efforts if not addressed urgently.

A code audit can highlight areas of debt and, if done with this specifically in mind, can even help map out plans to handle the technical debt in the most efficient way possible. However, there is a caveat here: if your code audit highlights areas of technical debt, you need to be ready to invest in development time to correct the technical debt. You can do this with your internal team, or an external team, but it needs to be done.

3) You have Upgraded Versions of Dependent Software

If you have upgraded from say Rails 4.2 to Rails 5.2, it is a good time to complete a Code Audit because there will be many Rails 5.2 improvements that might not be utilised in the old code.

4) Your Application ‘feels’ bloated

It could be that when you are using your own application, you feel it is too slow, or not responsive enough. Getting a code audit done at this stage will highlight areas you should focus on to improve the overall speed and performance of your application.

5) You are Expanding your Development Team

This might not seem like a logical point, however, having a code audit done should provide you with a valuable punch list that you can hand to a new developer, supervised by your existing team to implement. This gives the new developer instant wins in tackling the code base, gets them familiar with how your application works, and allows them to contribute real benefits to the team straight away.

It also improves your app, so yes, a great way to start any new developer!

6) You are Shrinking your Development Team

Just like number 5, if you are reducing the number of developers on your team, it’s also good to get a professional code audit done to make sure there are no lurking problems that could come back to bite you in the future.

7) You are Raising Funds

If you are in a serious position of raising funds for your Rails application, having a code audit that says your application is in good shape, or even one pointing out the areas that need improvement, shows that you are serious about quality and protecting the interests and security of your user data.

8) You are Applying for PCI or Other Compliance-based Certifications

Sometimes you MUST get an external code audit to make sure your application meets certain criteria. This can be for PCI compliance, insurance, due diligence or many other reasons. Code audits provide you with some peace of mind that more than one set of eyes have reviewed the code and have deemed it to be OK.

9) You Have Had any Sort of Security Breach

Hopefully it should never come to this but, if you do have a security breach, you better get a code audit pronto to make sure it doesn’t happen again! Of course, a well-executed code audit should prevent this from happening anyway.


Code audits are like doing a checkup on any piece of machinery: they should be done regularly. To get one done, you can choose a professional organisation to deliver something approaching our Ruby on Rails Code Audit Inspect service, or if you have a large enough internal team, you can follow our checklist for a Rails Application code audit.

In any case, make space in your time and resource budget this year to get a code audit done on your Rails Application. The results will be well worth the time and expense.