Awesome Ruby Security resources
Latest commit 70706e9 Nov 5, 2018


A curated list of awesome Ruby Security related resources.

List inspired by the awesome list thing.


Tools

Web Framework Hardening

  • secure-headers - Manages application of security headers with many safe defaults

Multi tools

  • hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.

Static Code Analysis

  • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
  • dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
  • git-secrets - Prevents you from committing secrets and credentials into git repositories.
  • DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
  • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).

Vulnerabilities and Security Advisories

Educational

Hacking Playground

Articles & Guides

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, or other type of resource related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!


say hi on Twitter

License

CC0