Scanny — Ruby on Rails security scanner
Ruby
branch: melbourne

bin
lib
spec
.gitignore
Gemfile
LICENSE
README.md
Rakefile
scanny.gemspec
scanny.yml

Scanny

Scanny is a Ruby on Rails security scanner. It parses Ruby files, walks the resulting abstract syntax tree (AST) looking for suspicious patterns, and produces a report. Scanny aims to be simple (it does one thing well) and extensible (new patterns are easy to define).
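To make the parse-walk-match-report idea concrete, here is an added example, not Scanny's own code. It uses Ruby's standard-library Ripper to build an S-expression tree (Scanny's melbourne branch parses with Rubinius's Melbourne instead, so the node shapes differ), then walks that tree with two illustrative patterns: calls to the eval family, and query-builder methods that receive a string containing `#{}` interpolation. The method-name lists, the check functions and the sample controller are all constructed for this example and are not taken from the project.

```ruby
require 'ripper'

# Added example (not Scanny's code): a minimal AST-driven checker in the
# style the README describes. Ruby's stdlib Ripper produces the S-expression
# tree; Scanny itself parses with Melbourne, so the node shapes differ.

# Depth-first walk over every array node of a Ripper S-expression.
def each_node(node, &blk)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &blk) }
end

# The [:@ident, "name", [line, col]] child that names the method of a call node.
def method_ident(node)
  node.find { |c| c.is_a?(Array) && c[0] == :@ident }
end

# True if any descendant of +node+ has the given node type.
def contains?(node, type)
  each_node(node) { |n| return true if n[0] == type }
  false
end

# Ripper node types that carry a method call (the argument wrapper is separate).
CALL_TYPES = %i[fcall command command_call vcall call].freeze

# Pattern 1: calls to the eval family (method names assumed for the example).
EVAL_METHODS = %w[eval instance_eval class_eval module_eval].freeze

# Pattern 2: query builders fed a string containing #{} interpolation
# (method names assumed for the example).
SQL_METHODS = %w[where find_by_sql execute order group having].freeze

def check_eval(node)
  return unless CALL_TYPES.include?(node[0])
  ident = method_ident(node)
  return unless ident && EVAL_METHODS.include?(ident[1])
  [ident[2][0], "call to #{ident[1]}"]
end

def check_sql_interpolation(node)
  case node[0]
  when :method_add_arg then callee, args = node[1], node[2] # m(args) / r.m(args)
  when :command        then callee, args = node, node[2]    # m args
  when :command_call   then callee, args = node, node[4]    # r.m args
  else return
  end
  ident = method_ident(callee)
  return unless ident && SQL_METHODS.include?(ident[1])
  return unless contains?(args, :string_embexpr)
  [ident[2][0], "interpolated string passed to #{ident[1]}"]
end

# Adding a pattern means adding one more method here.
CHECKS = [method(:check_eval), method(:check_sql_interpolation)].freeze

# Parse one source string and return findings sorted by line.
def scan_source(src)
  tree = Ripper.sexp(src)
  return [] if tree.nil? # Ripper.sexp returns nil on a syntax error
  findings = []
  each_node(tree) do |node|
    CHECKS.each do |check|
      line, message = check.call(node)
      findings << { line: line, message: message } if line
    end
  end
  findings.sort_by { |f| f[:line] }
end

# Constructed sample controller; lines 3 and 5 should be flagged,
# line 4 (bind parameter) and line 6 (symbol argument) should not.
SAMPLE = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      @users  = User.where("name = '#{params[:name]}'")
      @safe   = User.where("name = ?", params[:name])
      eval(params[:code])
      @sorted = User.order(:name)
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  scan_source(SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:message]}" }
end
```

Working on the tree rather than on text is what lets the second check tell `where("name = ?", params[:name])` apart from `where("name = '#{params[:name]}'")`: both contain the substring `params[:name]`, but only the latter has a `:string_embexpr` node inside the argument list. A regex over the source would need to reconstruct that distinction by hand.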

This is currently a work in progress and probably not yet useful.

Credits

The tool was written as a replacement for Thomas Biege's Ruby on Rails scanner, which is used internally at SUSE. That scanner relies on regular expressions alone to find suspicious places; Scanny works on the AST instead.

The AST parsing and checking code was copied and adapted from Roodi, a tool for detecting Ruby code design issues.