diff --git a/.rubocop.yml b/.rubocop.yml
index 431b6718..689d0da7 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -16,3 +16,8 @@ Style/MixinUsage:
   Exclude:
     - 'bin/setup'
     - 'bin/update'
+
+Rails/HasAndBelongsToMany:
+  Exclude:
+    - 'app/models/label.rb'
+    - 'app/models/pull_request.rb'
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index 78ba3ce5..ad158ca9 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -48,14 +48,6 @@ Metrics/ParameterLists:
 Metrics/PerceivedComplexity:
   Max: 9
 
-# Offense count: 2
-# Configuration parameters: Include.
-# Include: app/models/**/*.rb
-Rails/HasAndBelongsToMany:
-  Exclude:
-    - 'app/models/label.rb'
-    - 'app/models/pull_request.rb'
-
 # Offense count: 1
 Rails/OutputSafety:
   Exclude:
@@ -73,10 +65,3 @@ Style/Documentation:
 Style/MutableConstant:
   Exclude:
     - 'config/initializers/voxpupuli.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
-# Configuration parameters: Mode.
-Style/StringConcatenation:
-  Exclude:
-    - 'app/controllers/incoming_controller.rb'
diff --git a/app/controllers/incoming_controller.rb b/app/controllers/incoming_controller.rb
index 02c5f58a..e3d8f7e2 100644
--- a/app/controllers/incoming_controller.rb
+++ b/app/controllers/incoming_controller.rb
@@ -34,9 +34,8 @@ def travis
 
   def verify_signature(payload)
     webhook_secret = Rails.application.credentials.github[Rails.env.to_sym][:webhook_secret]
-    signature = 'sha1=' + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'),
-                                                  webhook_secret,
-                                                  payload)
+    sha = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), webhook_secret, payload)
+    signature = "sha1=#{sha}"
 
     return if Rack::Utils.secure_compare(signature, request.env['HTTP_X_HUB_SIGNATURE'])