Generating a Code Quality Report for Freelance Projects

A free video tutorial from Jordan Hudgens
CTO at Bottega Code School

Lecture description

So you’ve built an application, and all the features seem to be working properly. Now you can simply ship the source code and final invoice to the client, right? Not quite. Before you send out the application for final sign off, it’s vital that you perform a number of checks. This guide will walk you through how to test for code quality in your applications.

How to Test for Code Quality

When it comes to testing for code quality I analyze two key focus areas. I test for:

  • Security vulnerabilities

  • Best practices

So knowing what needs to be tested is great. But how exactly can you test for code quality? Simply giving the code a final review isn’t enough. For this task I turn to automated tools that can perform a number of quality checks on a codebase and compile a comprehensive report of fixes.

Tools for Testing Code Quality

In this guide I’ll walk through the tools that I use for testing Ruby and Ruby on Rails applications. However, if you work with another programming language, a quick Google search will reveal that every popular language has similar tools that you can utilize.



When it comes to analyzing a Ruby/Rails application, RubyCritic is a powerful tool. This code quality Rubygem pulls in three different code analysis tools (Reek, Flay, and Flog) and generates a comprehensive report.

I like using RubyCritic because it searches for a number of issues that developers tend to overlook. For example, it looks for:

  • Code smells

  • Duplicate code

  • Poorly named classes/methods



Next on the list of code quality tools is RuboCop. The RuboCop gem is a great tool that analyzes a Ruby code base and focuses on verifying that the code follows the Ruby style guide. If you are not familiar with your language’s style guide, essentially it represents a set of recommendations for how your code should be structured. This includes items such as:

  • Capitalization rules

  • Indentation

  • Spacing

  • Etc

I’ve discovered that RuboCop is a great tool for ensuring that your codebase follows the accepted practices for your language/framework.



Last on the list of code quality tools that I use is the Brakeman gem. One of the most difficult items to test for in an application is security. The main challenge is that if you knew of a security vulnerability… you’d have already fixed it (hopefully). So Brakeman helps uncover potential security issues that you may not have even thought about.
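
One way to fold the Brakeman and RuboCop results into a single hand-off summary, as an added example that is not part of the original lecture. It reads the JSON that `brakeman -f json` and `rubocop --format json` emit (the samples below are constructed and carry only the fields used); the function names and the rule that a High-confidence warning blocks sign-off are assumptions.

```ruby
require "json"

# Constructed sample of `brakeman -f json` output (only the fields used below).
BRAKEMAN_SAMPLE = <<~JSON
  {"warnings": [
    {"warning_type": "SQL Injection", "file": "app/models/invoice.rb", "line": 14, "confidence": "High"},
    {"warning_type": "Cross-Site Scripting", "file": "app/views/clients/show.html.erb", "line": 7, "confidence": "Weak"}
  ]}
JSON

# Constructed sample of `rubocop --format json` output (only the fields used below).
RUBOCOP_SAMPLE = <<~JSON
  {"files": [
    {"path": "app/models/invoice.rb", "offenses": [
      {"severity": "convention", "cop_name": "Layout/IndentationWidth"},
      {"severity": "warning", "cop_name": "Lint/UselessAssignment"}
    ]},
    {"path": "app/controllers/clients_controller.rb", "offenses": []}
  ]}
JSON

# Merge both tool outputs into one per-file summary for the hand-off report.
def summarize(brakeman_json, rubocop_json)
  report = Hash.new { |h, k| h[k] = { security: [], style: [] } }
  JSON.parse(brakeman_json).fetch("warnings", []).each do |w|
    report[w["file"]][:security] << "#{w['confidence']}: #{w['warning_type']} (line #{w['line']})"
  end
  JSON.parse(rubocop_json).fetch("files", []).each do |f|
    entry = report[f["path"]] # created even for clean files, so they are listed too
    f["offenses"].each { |o| entry[:style] << "#{o['severity']}: #{o['cop_name']}" }
  end
  report
end

# Assumed policy: any High-confidence security warning blocks sign-off.
def blocking_files(report)
  report.select { |_, r| r[:security].any? { |s| s.start_with?("High:") } }.keys
end

if __FILE__ == $PROGRAM_NAME
  report = summarize(BRAKEMAN_SAMPLE, RUBOCOP_SAMPLE)
  report.each do |file, r|
    puts "#{file}: #{r[:security].size} security, #{r[:style].size} style"
    (r[:security] + r[:style]).each { |line| puts "  - #{line}" }
  end
  blocked = blocking_files(report)
  puts blocked.empty? ? "Ready for sign-off" : "Fix before sign-off: #{blocked.join(', ')}"
end
```
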

Learn more from the full course

Freelance Bootcamp - The Comprehensive Guide to Freelancing

Learn how to build a profitable freelance business completely from scratch and gain the tools needed to succeed.

05:38:37 of on-demand video • Updated January 2019

  • Build a freelance business completely from scratch, including: acquiring clients, building a portfolio, and managing projects.
English [Auto]

When it comes to being a freelancer, one of the more challenging tasks that you're going to come across is how to prove to a client that you wrote the entire application with the best quality standards in mind, so that you followed all of the industry best practices. You can give them your word that you did, and you can explain some of the different components that you used in order to build the system. However, that's still just kind of hearsay. It's just you saying it, and they either are going to believe you or they don't. What I personally like to do is I like to bring not just my words, but I like to bring hard facts. And so what I will do is, after I've completed a full project, I will go and integrate some automated code quality testing mechanisms into the application, and I will run the report, and this gives a few benefits. First, I don't just run the reports and then send them off to the client. I think that would be a bad thing to do. Instead, I run the reports and then I use those and analyze them line by line to make sure that I followed best practices. And this is kind of a final polishing stage of the application, where I'll go through those reports, and if I see any glaring issues or even any bugs or any spots where I didn't follow best practices, I will go and fix those items. So a little bit of it is self-auditing, and you're going to be able to make yourself a better developer by running these kinds of tools. It helps to keep you honest as a developer and make sure that you're not creating any shortcuts or anything that could cause issues later on down the line. So it will help you. In addition to that, I can't tell you how many clients appreciate it and how much they love the fact that not only do I give them a working application when it's done, but I give them about a 10-page document that shows all of the automated reports.
I'll even give them a Web site where they can go and they see all of the items, and they can see that I followed best practices. I follow the style guide. So if another developer ever comes on board and works on it, they're going to be able to take right where I left off and be able to work with it. This is something that has got me quite a few great compliments, but also some great testimonials from clients and some great ratings. And if you're working on sites like Upwork.com, being able to give tools like this to the client is really helpful. So when it comes to testing for code quality, please know this is different than what we talked about in the last guide, when we talked about test-driven development. That is a development process, and that's really more of just a tool for you. You can use it in order to build out applications and to make sure that the new features you add don't break your preexisting functionality. What this does: this is a code quality report to make sure that you're following the industry best practice standards. I've been hired from multiple companies, and I've had multiple clients who actually had a full team of developers, but they didn't trust that they were doing a great job with the code quality. They saw that they had a somewhat working application, but they had a lot of fear around if they were, if their current developers were following the industry best practices, and they hired me just to go in and perform audits on what the developers were pushing up each day. So I took that to mean that this is a very common problem by clients that hire freelancers.
And so I wanted to be proactive with it, and that's what I want to give you: the ability to be proactive. Instead of having a client who may not trust the kind of quality that you get, you can give them a report and say, look, this is exactly what the application did. This is, these are various different scripts that run through the system and analyze the code, and they will tell you if the code was written well or not. And that's going to give the client so much more trust in you, which, going back to the marketing side, is a critical component to getting them to send you more work and also for them to refer you to their other, their friends, their colleagues, and different people like that. So in this guide I want to give you a full walkthrough on the report that I give the clients. Now please know, because I'm a Ruby developer, I'm going to give you the different things that are specific to Ruby. Every single language and every framework has a full set of these kinds of automated review policies in these libraries that you can use, so coming from Java, Python, Go, Angular, or anything like that, you're going to be able to research and find the ones that are specific to your language. I'm going to show you the exact ones that I use in my Ruby and my Rails applications, and it will give you a good idea of what to find for your languages if you're not a Ruby developer. There are two key components that I want to focus on, and these are the two main things that these systems generate for me from a report standpoint. The first is with security vulnerabilities. A huge thing that clients are afraid of is they see that you gave them a working application, but there's still a lot of fear of the unknown. How can they trust that some hacker can't easily just go to a few test URLs and get into the database, or easily break through the encryption of the site, if you didn't use best practices on that?
Those kinds of things, that's something that freelance clients are very afraid of, because they're not developers. If they are developers, they wouldn't have hired you. They want to have the trust in you, and they truly do want to have the trust in you, because they want to give you more work. They gave you the job for a specific reason. However, if you can show them a report that shows that a third party went and tested the system and that you did a great job, that's going to go a very long way with you. So that's the first one, which is testing for security vulnerabilities. The other one is testing for best practices. So when I say best practices, what I mean is being able to say that you've built code, and the code that you wrote is scalable, so that it can scale up to a larger number of users, and also that it's going to be easy to change in the future. So say that you're a Rails developer, but you didn't follow best practices and you put all kinds of code in the view, like all kinds of actual logic code in the view, which is a very bad thing to do if you're a Rails developer. And what these automated tests are going to do is they're going to go see that, they're going to analyze it, and then it's going to give you a report. If you follow best practices, you can give the report right to the client and say, look, this is a code quality report. I followed best practices, I follow the style guide, and this means that I've handed you a well-written application. You can use it right now, and it will be easy to extend in the future. Now let's start going through the actual tools. The very first one is called RubyCritic. Now when it comes to analyzing a Ruby on Rails application, RubyCritic is a powerful tool. This code quality Ruby gem pulls in three different code analysis tools, Reek, Flay, and Flog, and generates a comprehensive report. I like using RubyCritic because it searches for a number of issues that developers tend to overlook.
For example, it looks for code smells, duplicate code, and poorly named classes and methods. And one thing I absolutely love about RubyCritic is it just doesn't just print out a report for you. It also generates a full web site, so the Web site has all of the report items, so that you can either post it on the web so your client can go access it, or you can just send them the files. They can double-click the main file, it will open up in the browser, and then they can go and navigate through each one of the pages to see the work that you did and if it met with their quality standards. The next tool on the list is called RuboCop. Now RuboCop is a gem that analyzes a Ruby code base and focuses on verifying that the code follows the Ruby style guide. Now if you're not familiar with the language's style guide, essentially it represents a set of recommendations for how your code should be structured. This includes such items as capitalization rules, indentation, spaces, and various things like that. I like using RuboCop not just for my report, but also I want to do it occasionally just to make sure that I'm staying within the guidelines and that I didn't get lazy with any of the code that I wrote. Now last but not least is the tool Brakeman. One of the most difficult items to test for in an application is security, and the main challenge is that if you knew of a security vulnerability, you would have already fixed it, hopefully. So Brakeman helps uncover potential security issues that you may have not even thought about. A good example of this would be if you created a Rails API application and you wanted to ensure that it was only able to be accessed by the right kinds of apps, ones that you'd give an authority to access you.
It's really hard to test that. I mean, you can test the basic components and you can try to reach for edge cases, but it's very easy to make mistakes and to miss certain circumstances where an unauthorized application was able to gain access. And what Brakeman does is it gives the ability to create automated reports, so it's almost kind of like bringing in another developer that comes and looks at your code, looks over your shoulder, and makes sure that there is nothing that you missed when you were personally performing your own security audit.