Skip to content

kingofthebeat/awesome-ruby-security

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 

Repository files navigation


A curated list of awesome Ruby Security related resources.

Awesome

List inspired by the awesome list thing.

Supported by: GuardRails.io


Contents

Tools

Web Framework Hardening

  • secure-headers - Manages application of security headers with many safe defaults.
  • Rack::Attack - Middleware for blocking and throttling requests.

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.

Static Code Analysis

  • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
  • dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
  • git-secrets - Prevents you from committing secrets and credentials into git repositories.
  • DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
  • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
  • rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.

Vulnerabilities and Security Advisories

  • bundler-audit - Patch-level verification for Ruby apps.
  • ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
  • GemScanner - GemScanner identifies depreciated versions of gems in your ruby on rails project.

Educational

Hacking Playground

Articles & Guides

Newsletters

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, other type of resources related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!


say hi on Twitter

License

CC0

About

Awesome Ruby Security resources

Resources

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published