Show Menu

Software Development Best Practices Cheat Sheet (DRAFT) by

Building great software is more than just writing code. Here are a collection of tools and best practices specifically drawn from my experience developing ruby applications for the last 15 years.

This is a draft cheat sheet. It is a work in progress and is not finished yet.


Use rubocop.
Commit linter config­uration to project repo for the team to share.
Ensure that linter config­uration is integrated into your IDE.

Code Quality : Static Analyzers

Static analysis of code quality, SaaS
Compre­hensive static analysis of code quality, can run locally
Ruby static analysis gem
Code style analysis & feedback, can integrate with IDE
Static analysis for lots of languages
Check the quality of your Ruby on Rails code

Pull Requests

PRs should be as small and increm­ental as possible
Include screen­­shots / animat­­ions when approp­riate
All CI tests should pass prior to assigning reviewers
Don't take feedback person­ally! Receiving and learning from criticism is one of the best ways to become a better software developer.


Always stay up to date on the OWASP Top Ten security risks.
Integrate static analysis security tools into CI. Dependency auditing is an easy place to start. Enable Github's Dependabot.
Use the Qualys SSL Server Test to ensure that SSL is correctly config­ured.
Always require SSL. Let's Encrypt provides free, secure certif­icates.


Unit Tests : test the output of a single given state
Functional Tests : test the output of changes to state
Integr­ation Tests : test the results of cross-­service intera­ctions from the user's perspe­ctive. Use Cypress.
Implement continuous integr­ation, which runs all tests, performs static analysis, and automates security audits.
Ensure that test coverage is over 95%.


Identify and eliminate N+1 queries. bullet is helpful.
An RPM like New Relic, Scout, or DataDog is great for identi­fying perfor­mance problems.
Ensure that GZIP / HTTP Deflate are enabled and properly config­ured.
Use Rails caching. It includes easy-t­o-i­mpl­ement patterns for lots of different types of caching.

Docume­ntation must include these sections: Summary, Prereq­uis­ites, Infras­tru­cture, ENV Variables, Cron, Gotchas
Provide well-f­orm­atted and sensical seed data.
Diagram complex processes. Whimsical is great for this.
APIs should have compre­hensive Swagger docume­nta­tion.
Frontends should have wireframes prior to writing code.
Pivotal / Jira stories document applic­ation evolution.
Always consider the perspe­ctive of a developer who has never touched this project, but needs to rescue it because you’re on vacation.