Awesome Ruby Security resources
Latest commit 70706e9 Nov 5, 2018

A curated list of awesome Ruby Security related resources.


List inspired by the awesome list thing.


Web Framework Hardening

  • secure-headers - Manages application of security headers with many safe defaults

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

  • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
  • dawnscanner - A static analysis security scanner for Ruby applications. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
  • git-secrets - Prevents you from committing secrets and credentials into git repositories.
  • DevSkim - A set of IDE plugins and rules that provide security "linting" capabilities. It also has a CLI, so it can be integrated into a CI/CD pipeline.
  • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Also checks some files for sensitive contents (for example, authToken inside an .npmrc file).

Vulnerabilities and Security Advisories


Hacking Playground

Articles & Guides


Reporting Bugs


Found an awesome project, package, article, or other type of resource related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!

say hi on Twitter