Software Development Best Practices Cheat Sheet

by Jack Collier (imnotquitejack) via cheatography.com/105373/cs/21383/

Linters

Use rubocop.
Commit linter configuration to project repo for the team to share.
Ensure that linter configuration is integrated into your IDE.

Code Quality: Static Analyzers

CodeClimate: Static analysis of code quality, SaaS
SonarQube: Comprehensive static analysis of code quality, can run locally
Ruby Critic: Ruby static analysis gem
Rubocop: Code style analysis & feedback, can integrate with IDE
Semgrep: Static analysis for lots of languages
rails_best_practices: Check the quality of your Ruby on Rails code

Pull Requests

PRs should be as small and incremental as possible.
Include screenshots / animations when appropriate.
All CI tests should pass prior to assigning reviewers.
Don't take feedback personally! Receiving and learning from criticism is one of the best ways to become a better software developer.

Security

Always stay up to date on the OWASP Top Ten security risks.
Integrate static analysis security tools into CI. Dependency auditing is an easy place to start. Enable GitHub's Dependabot.
Use the Qualys SSL Server Test to ensure that SSL is correctly configured.
Always require SSL. Let's Encrypt provides free, secure certificates.
Use bundler-audit and brakeman.

Testing

Unit Tests: test the output of a single given state.
Functional Tests: test the output of changes to state.
Integration Tests: test the results of cross-service interactions from the user's perspective. Use Cypress.
Implement continuous integration, which runs all tests, performs static analysis, and automates security audits.
Ensure that test coverage is over 95%.

Performance

Identify and eliminate N+1 queries. bullet is helpful.
An RPM like New Relic, Scout, or DataDog is great for identifying performance problems.
Ensure that GZIP / HTTP Deflate are enabled and properly configured.
Use Rails caching. It includes easy-to-implement patterns for lots of different types of caching.

Documentation

README.md must include these sections: Summary, Prerequisites, Infrastructure, ENV Variables, Cron, Gotchas
Use semantic versioning.
CHANGELOG.md should follow https://keepachangelog.com/en/1.0.0/
Provide well-formatted and sensical seed data.
Diagram complex processes. Whimsical is great for this.
APIs should have comprehensive Swagger documentation.
Frontends should have wireframes prior to writing code.
Pivotal / Jira stories document application evolution.
Always consider the perspective of a developer who has never touched this project, but needs to rescue it because you're on vacation.

By Jack Collier (imnotquitejack)
Not published yet. Last updated 10th June, 2021.

cheatography.com/imnotquitejack/
