A curated list of awesome Ruby Security related resources.


List inspired by the awesome list thing.


Contents

Tools

Web Framework Hardening

  • secure-headers - Manages application of security headers with many safe defaults.
  • Rack::Attack - Middleware for blocking and throttling requests.
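What the two gems above do, shown as an added example in plain Ruby rather than the gems' own code: a Rack-compatible middleware that stamps a baseline set of security headers on every response, and a second one that throttles a client that exceeds a request limit per time window. The header values, the fixed-window algorithm, the sample app and the request envs are all assumptions made for this illustration; secure-headers and Rack::Attack have their own configuration APIs, which this does not reproduce.

```ruby
# Added illustration for this list: two hand-rolled Rack-compatible middlewares that do, in
# miniature, what secure-headers and Rack::Attack do. This is NOT those gems' code or API.

# Assumed baseline policy; tune the CSP to the application before shipping it.
SECURITY_HEADERS = {
  "Strict-Transport-Security" => "max-age=63072000; includeSubDomains",
  "X-Content-Type-Options"    => "nosniff",
  "X-Frame-Options"           => "DENY",
  "Referrer-Policy"           => "strict-origin-when-cross-origin",
  "Content-Security-Policy"   => "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
}.freeze

# Adds the baseline headers to every response; a header the app set explicitly wins.
class SecureHeaders
  def initialize(app, headers = SECURITY_HEADERS)
    @app = app
    @headers = headers
  end

  def call(env)
    status, headers, body = @app.call(env)
    [status, @headers.merge(headers), body]
  end
end

# Fixed-window per-client throttle: more than `limit` requests from one address inside a
# `period`-second window are answered with 429 and a Retry-After hint.
class Throttle
  def initialize(app, limit:, period:, clock: -> { Time.now.to_i })
    @app = app
    @limit = limit
    @period = period
    @clock = clock              # injectable so a test can advance the window
    @counters = Hash.new(0)     # {[client, window] => count}; a real deployment uses a shared store
  end

  def call(env)
    # REMOTE_ADDR is the TCP peer. Behind a reverse proxy, derive the client from the
    # proxy's trusted forwarding header instead, or every client shares one bucket.
    client = env["REMOTE_ADDR"]
    now = @clock.call
    window = now / @period
    @counters.delete_if { |(_, w), _| w < window }   # drop expired windows
    key = [client, window]
    @counters[key] += 1
    if @counters[key] > @limit
      retry_after = @period - (now % @period)
      return [429, { "Content-Type" => "text/plain", "Retry-After" => retry_after.to_s }, ["Throttled\n"]]
    end
    @app.call(env)
  end
end

# Stand-in application endpoint (constructed).
APP = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }

def build_stack(limit: 3, period: 60, clock: -> { Time.now.to_i })
  SecureHeaders.new(Throttle.new(APP, limit: limit, period: period, clock: clock))
end

# Sends `n` POST /login requests from `ip` and returns the status codes.
def simulate(stack, ip, n)
  env = { "REQUEST_METHOD" => "POST", "PATH_INFO" => "/login", "REMOTE_ADDR" => ip }
  Array.new(n) { stack.call(env.dup).first }
end

if $PROGRAM_NAME == __FILE__
  stack = build_stack(limit: 3, period: 60)
  p simulate(stack, "203.0.113.5", 5)                 # [200, 200, 200, 429, 429] within one window
  p stack.call("REMOTE_ADDR" => "198.51.100.7")[1]    # response carries the baseline headers
end
```

The order matters: the throttle sits inside the header middleware so that even a 429 goes out with the hardening headers, and the throttle keys on the client address before any application code runs.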

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
  • Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.

Static Code Analysis

  • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
  • dawnscanner - A static analysis security scanner for Ruby applications. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
  • git-secrets - Prevents you from committing secrets and credentials into git repositories.
  • DevSkim - A set of IDE plugins and rules that provide security "linting" capabilities. It also has a CLI so it can be integrated into a CI/CD pipeline.
  • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
  • rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
  • Rails Application Routes Parser - A script that prints out a Ruby on Rails application's routes/URLs.
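The kind of check the static analysers above perform, as an added example that is not brakeman's, dawnscanner's or rubocop's code: it parses Ruby with the stdlib Ripper and reports calls to code-executing or dispatching methods whose argument is not a plain literal. The method list, the "dynamic" node types and the sample controller are constructed for this illustration; real tools track data flow much further than this.

```ruby
# Added illustration for this list: a tiny AST-based check in the spirit of what brakeman and
# the rubocop security cops do. Not any of those tools' code; rules and sample are constructed.
require "ripper"

# Methods whose argument decides what code runs or which method is dispatched.
DANGEROUS = %w[eval instance_eval class_eval module_eval send public_send __send__ system const_get constantize].freeze
# S-expression node types that mean "not a plain literal": variables, indexing, calls, interpolation.
DYNAMIC = %i[vcall var_ref aref call method_add_arg command command_call string_embexpr].freeze
CALL_NODES = %i[command command_call method_add_arg].freeze

def contains?(node, types)
  return false unless node.is_a?(Array)
  return true if node.first.is_a?(Symbol) && types.include?(node.first)
  node.any? { |child| contains?(child, types) }
end

# Returns [identifier_token, args_node] for the three call shapes Ripper emits.
def call_parts(node)
  case node.first
  when :command        then [node[1], node[2]]     # eval "x"
  when :command_call   then [node[3], node[4]]     # obj.send params[:m]
  when :method_add_arg                             # eval(x) / obj.send(x)
    callee = node[1]
    [callee.first == :fcall ? callee[1] : callee[3], node[2]]
  end
end

# Depth-first walk; records [line, method] for dangerous calls fed a non-literal argument.
def scan(node, findings = [])
  return findings unless node.is_a?(Array)
  if node.first.is_a?(Symbol) && CALL_NODES.include?(node.first)
    ident, args = call_parts(node)
    if ident.is_a?(Array) && ident.first == :@ident && DANGEROUS.include?(ident[1]) && contains?(args, DYNAMIC)
      findings << [ident[2][0], ident[1]]
    end
  end
  node.each { |child| scan(child, findings) }
  findings
end

def scan_source(src)
  tree = Ripper.sexp(src)
  tree && scan(tree)    # Ripper.sexp returns nil on a syntax error
end

# Constructed sample controller; reported line numbers are relative to this string.
SAMPLE = <<~'RUBY'
  class ReportsController
    def show
      eval("1 + 1")                   # literal argument: not reported
      eval(params[:expr])             # user input reaches eval: reported
      obj.send(params[:action], 1)    # attacker picks the method: reported
      system("ls #{params[:dir]}")    # interpolation into a shell command: reported
      Object.const_get("Report")      # literal constant name: not reported
    end
  end
RUBY

if $PROGRAM_NAME == __FILE__
  scan_source(SAMPLE).each { |line, meth| puts "line #{line}: #{meth} called with a non-literal argument" }
end
```

A string with interpolation counts as dynamic here because Ripper represents `"ls #{x}"` with a `string_embexpr` node, which is exactly the case a plain regex over the source tends to miss.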

Vulnerabilities and Security Advisories

  • bundler-audit - Patch-level verification for Ruby apps: checks the gem versions in Gemfile.lock against ruby-advisory-db and flags vulnerable versions and insecure gem sources.
  • ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
  • GemScanner - Identifies deprecated versions of gems in your Ruby on Rails project.
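How a patch-level check against an advisory database works, as an added example that is not bundler-audit's code: it parses the `specs:` blocks of a Gemfile.lock, compares each version against advisory records shaped like ruby-advisory-db entries (`unaffected_versions` and `patched_versions` requirement lists), and flags non-HTTPS sources. The lockfile and the advisories below are constructed; the IDs are not real CVEs and the records were not taken from ruby-advisory-db.

```ruby
# Added illustration for this list: a minimal version of the check bundler-audit performs, using
# only the rubygems stdlib. The advisories and lockfile are constructed for this example.
require "rubygems"

# Same shape as a ruby-advisory-db entry: a version is safe if it matches any
# unaffected_versions or patched_versions requirement.
ADVISORIES = [
  { "gem" => "rack", "id" => "EXAMPLE-0001", "title" => "Example: header injection",
    "unaffected_versions" => ["< 2.0"], "patched_versions" => ["~> 2.1.4", ">= 2.2.3"] },
  { "gem" => "nokogiri", "id" => "EXAMPLE-0002", "title" => "Example: XXE in parser",
    "patched_versions" => [">= 1.12.5"] }
].freeze

# Constructed lockfile: one git source (not HTTPS) and a few rubygems.org gems.
GEMFILE_LOCK = <<~LOCK
  GIT
    remote: git://github.com/example/some_gem.git
    revision: 0123456789abcdef0123456789abcdef01234567
    specs:
      some_gem (0.1.0)

  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.5.3)
      nokogiri (1.11.7)
        mini_portile2 (~> 2.5.0)
      rack (2.2.2)
      sinatra (2.1.0)
        rack (~> 2.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    sinatra
    some_gem!
LOCK

# Pulls [name, version] pairs out of every `specs:` block. Spec lines are indented exactly four
# spaces; their dependency lines (six spaces, requirement ranges) are ignored.
def parse_lock(text)
  gems = []
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || !line.start_with?(" ")
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\z/))
      gems << [m[1], m[2].split("-").first]   # drop a platform suffix such as 1.11.7-x86_64-linux
    end
  end
  gems
end

# Vulnerable unless the version satisfies an unaffected or patched requirement.
def vulnerable?(advisory, version)
  v = Gem::Version.new(version)
  safe = advisory.fetch("unaffected_versions", []) + advisory.fetch("patched_versions", [])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Sources fetched over anything but HTTPS (git://, http://) can be tampered with in transit.
def insecure_sources(text)
  text.scan(/^\s*remote: (\S+)$/).flatten.reject { |url| url.start_with?("https://") }
end

def audit(lock_text, advisories = ADVISORIES)
  parse_lock(lock_text).flat_map do |name, version|
    advisories.select { |a| a["gem"] == name && vulnerable?(a, version) }
              .map { |a| { gem: name, version: version, id: a["id"], title: a["title"], patched: a["patched_versions"] } }
  end
end

if $PROGRAM_NAME == __FILE__
  audit(GEMFILE_LOCK).each { |f| puts "#{f[:gem]} #{f[:version]}: #{f[:id]} #{f[:title]} (fixed in #{f[:patched].join(', ')})" }
  insecure_sources(GEMFILE_LOCK).each { |url| puts "insecure source: #{url}" }
end
```

Gem::Requirement handles the pessimistic operator, so `~> 2.1.4` correctly covers 2.1.x from 2.1.4 upward but not 2.2.2, which is why that rack version is reported even though a later branch is patched.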

Educational

Hacking Playground

Articles & Guides

Newsletters

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, other type of resources related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!


say hi on Twitter

License

CC0
