When is the right time to do a code audit?

Mikel Lindsaar
Nov 22, 2018


If you depend on your Ruby on Rails application to generate more than a few thousand dollars of revenue or service to your customers, getting a regular professional code audit done on your application is vital.


Modern web-based applications are almost living and breathing things. The rate of development in some Ruby on Rails applications can be truly breathtaking. The ability to write new features and deploy them to every user of your system on the same day, or even in the same hour, is something that traditional software developers of old only dreamed of.

This rapid development pace can come at a cost. This is usually represented in what our industry calls Technical Debt. It also manifests in unreliable code, poorly performing code and, probably worst of all, security vulnerabilities that eventually turn into breaches.

If you are not writing code on your application day-to-day, it can be hard to know when your application needs a full Code Audit. Here are some indicators you can use:

1) It’s been more than a year since your last code audit

A lot can happen in a year, especially if you are constantly developing your application. Getting a regular code audit means that you can spot improvements and highlight hotspots that need attention in the coming 12 months.

For most Rails applications a very thorough code audit takes only a week or two to complete, so getting one done once a year or so is not onerous.

2) Your rate of development is slowing down

If you notice that the features aren’t rolling off the line and out the door as fast as they were before, this is an indication of technical debt building up that will cripple your development efforts if not addressed urgently.

A code audit can highlight areas of debt, and if done with this specifically in mind, can even help map out plans to handle the technical debt in the most efficient way possible.

However, there is a caveat here, if your code audit highlights areas of technical debt, you need to be ready to invest in development time to correct the technical debt. You can do this with your internal team, or external team, but it needs to be done.

3) You have upgraded versions of dependent software

If you have upgraded to Rails 5.0, for example, it is a good time to complete a Code Audit because there will be many Rails 5.0 improvements that are not yet utilised in the old code. A framework upgrade also moves the versions of your other gems, so the audit should cover what is actually locked in Gemfile.lock, not just your own application code: a gem left behind on an old release is a security finding in its own right.
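As an added example (not code from the original post or from the author's audit service), here is a small Ruby script that reads the locked versions out of a Gemfile.lock and flags any gem sitting below a minimum version you supply, which is the kind of check worth running around any dependency upgrade. The lockfile fragment and the minimum-version table are constructed for the example; in practice the minimums would come from an advisory source such as the bundler-audit gem's database, and the parser shown here covers only the `specs:` section of Bundler's lockfile format.

```ruby
require "rubygems" # for Gem::Version; loaded by default in normal Ruby

# Added example, not code from the original post: flag locked gems that sit
# below a minimum version. Both the Gemfile.lock fragment and the minimum
# version table are constructed for this example; real minimums come from
# your own advisory sources (e.g. bundler-audit), not from this file.

# Constructed Gemfile.lock fragment (format as written by Bundler).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (5.0.0)
        rack (~> 2.0)
      nokogiri (1.8.0)
      rack (2.0.1)
      rails (5.0.0)
        actionpack (= 5.0.0)
      sprockets (3.7.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rails (~> 5.0)
LOCK

# Hypothetical minimum versions, chosen only to exercise the comparison.
MINIMUM_VERSIONS = {
  "nokogiri"  => "1.8.2",
  "rack"      => "2.0.1",
  "sprockets" => "3.7.2",
}.freeze

# Parse the "specs:" section of a Gemfile.lock into { name => version }.
# Only lines indented exactly four spaces are the gems themselves; deeper
# indentation lists a gem's own dependencies and is ignored.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    # An all-caps line at column 0 starts the next section (PLATFORMS, ...).
    in_specs = false if line =~ /\A[A-Z]+\s*\z/
    next unless in_specs
    next unless line =~ /\A {4}(\S+) \(([^)]+)\)\s*\z/
    # Drop a platform suffix such as "-x86_64-linux" so Gem::Version parses it.
    versions[$1] = $2.sub(/-.*\z/, "")
  end
  versions
end

# Compare each locked gem against the minimum table. Gem::Version orders
# versions semantically ("1.10.0" > "1.9.0"), which plain string comparison
# gets wrong.
def below_minimum(versions, minimums)
  versions.each_with_object({}) do |(name, locked), out|
    min = minimums[name]
    next unless min
    next unless Gem::Version.new(locked) < Gem::Version.new(min)
    out[name] = { locked: locked, minimum: min }
  end
end

# Run the check over a lockfile; defaults to the constructed sample.
def audit_lockfile(lockfile_text = SAMPLE_LOCKFILE, minimums = MINIMUM_VERSIONS)
  below_minimum(locked_versions(lockfile_text), minimums)
end

if __FILE__ == $PROGRAM_NAME
  findings = audit_lockfile
  if findings.empty?
    puts "all locked gems meet their minimum versions"
  else
    findings.each do |name, f|
      puts "#{name}: locked #{f[:locked]}, minimum #{f[:minimum]}"
    end
  end
end
```

Run it against the sample and it reports nokogiri and sprockets as below their minimums while rack, which is exactly at the minimum, passes. Point `audit_lockfile` at `File.read("Gemfile.lock")` with a table built from a real advisory feed to make the same check part of a pre-upgrade or pre-audit checklist.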

4) Your application ‘feels’ bloated

It could be that when you are using your own application, you feel it is too slow, or not responsive enough. Getting a code audit done at this stage will allow you to focus in on performance issues and highlight areas you could improve the overall speed of your application.

5) You are expanding your development team

This might not seem like a logical point. However, a code audit should provide you with a very valuable punch list that you can hand to a new developer to work through, supervised by your existing team. This gives the new developer instant wins in tackling the code base, gets them familiar with how your application works and allows them to contribute real benefits to the team straight away.

It also improves your application, so yes, a great way to start any new developer!

6) You are shrinking your development team

Just like number 5, if you are reducing the number of developers on your team, it’s also good to get a professional code audit done to make sure there are no lurking problems that could come back to bite you in the future.

7) You are raising funds

If you are in a serious position of raising funds for your Rails application, having a code audit that says your application is in good shape, or even one pointing out the areas that need improvement, shows that you are serious about quality and protecting the interests and security of your user data.

8) You are applying for PCI or other compliance-based certifications

Sometimes you MUST get an external code audit to make sure your application meets certain criteria. This can be for PCI compliance, insurance, due diligence or many other reasons.

Code audits also provide you with some peace of mind that more than one set of eyes has reviewed the code and deemed it to be OK.

9) You have had any sort of security breach

Hopefully it never comes to this, but if you do suffer a security breach, get a code audit done promptly to make sure the same class of weakness is not left in place elsewhere in the application. Scope it around the root cause established by your incident investigation; the audit complements that investigation rather than replacing it.

Of course, a well-executed, regular code audit greatly reduces the chance of this happening in the first place.


Code audits really are like doing a check-up on any piece of machinery. They should be done regularly.

To get one done, you can engage a professional organisation to deliver something like our Ruby on Rails Code Audit Inspect service, or, if you have a large enough internal team, you can follow our checklist for a Rails Application code audit.

In any case, make space in your time and resource budget this year to get a code audit done on your Rails Application. The results will be well worth the time and expense.