Skip to main content RuboCop A Ruby static code analyzer and formatter, based on the community Ruby style guide.Files RuboCop will run on the following files and extensions:
.rb.arb.axlsx.builder.fcgi.gemfile.gemspec.god.jb.jbuilder.mspec.opal.pluginspec.podspec.rabl.rake.rbuild.rbw.rbx.ru.ruby.schema.spec.thor.watchr.irbrc.pryrc.simplecovbuildfileAppraisalsBerksfileBrewfileBuildfileCapfileCheffileDangerfileDeliverfileFastfileFastfileGemfileGuardfileJarfileMavenfilePodfilePuppetfileRakefilerakefileSchemafileSnapfileSteepfileThorfileVagabondfileVagrantfile
Configuration RuboCop uses a YAML style configuration file. We look for the following files anywhere in the repository:
.rubocop.yml.rubocop.yaml
CodeRabbit will use the default settings based on the profile selected if no config file is found.
What CodeRabbit runs We run RuboCop inside a locked-down sandbox with an explicit --config that we generate or wrap. We do not load repository-specified Ruby plugins beyond a minimal safe set.
Security policy and restrictions
We skip RuboCop if the config (.rubocop.yml/.rubocop.yaml) includes unsafe require entries.
Only a small, standardized require list is allowed. Custom gems/plugins loaded via require are blocked.
The following require entries are currently allowed:
rubocoprubocop-performancerubocop-railsrubocop-rspecrubocop-minitestrubocop-rakerubocop-sequelrubocop-capybararubocop-factory_botrubocop-i18nrubocop-packagingrubocop-sorbetrubocop-thread_safetyrubocop-graphqlstandard
When we skip RuboCop CodeRabbit will skip running RuboCop when:
The config contains require with disallowed entries.
The config cannot be validated or parsed safely.
Links 
