Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 70706e9
Showing
3 changed files
with
164 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| c# Contribution Guidelines | ||
|
|
||
| 1. Read and adhere to the [Code-of-Conduct](./code-of-conduct.md) | ||
| 2. Make sure you put things in the right category! | ||
| 3. Always add your items to the end of a list. To be fair, the order is first-come-first-serve. | ||
| 4. If you think something belongs in the wrong category, or think there needs to be a new category, feel free to edit things too. | ||
|
|
||
| Please ensure your pull request adheres to the following guidelines: | ||
|
|
||
| - Search previous suggestions before making a new one, as yours may be a duplicate. | ||
| - Suggested READMEs should be beautiful or stand out in some way. | ||
| - Make an individual pull request for each suggestion. | ||
| - New categories, or improvements to the existing categorization are welcome. | ||
| - Keep descriptions short and simple, but descriptive. | ||
| - Start the description with a capital and end with a full stop/period. | ||
| - Check your spelling and grammar. | ||
| - Make sure your text editor is set to remove trailing whitespace. | ||
|
|
||
| Thank you for your suggestions! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| <br/> | ||
| <div align="center"> | ||
|
|
||
| A curated list of awesome Ruby Security related resources. | ||
|
|
||
| [](https://awesome.re) | ||
|
|
||
| _List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._ | ||
|
|
||
| </div> | ||
| <br/> | ||
|
|
||
| # Tools | ||
|
|
||
| ## Web Framework Hardening | ||
|
|
||
| - [secure-headers](https://github.com/twitter/secure_headers) - Manages application of security headers with many safe defaults | ||
|
|
||
| ## Multi tools | ||
|
|
||
| - [hawkeye](https://github.com/hawkeyesec/scanner-cli) - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java. | ||
| - [Salus](https://github.com/coinbase/salus) - Multi purpose security scanning tool supporting Ruby, Node, Python and Go. | ||
|
|
||
| ## Static Code Analysis | ||
|
|
||
| - [brakeman](https://github.com/presidentbeef/brakeman) - A static analysis security vulnerability scanner for Ruby on Rails applications. | ||
| - [rubocop-gitlab-security](https://gitlab.com/gitlab-org/rubocop-gitlab-security) - A set of rules to extend rubocop with additional security rules. | ||
| - [dawnscanner](https://github.com/thesp0nge/dawnscanner) - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks. | ||
| - [git-secrets](https://github.com/awslabs/git-secrets) - Prevents you from committing secrets and credentials into git repositories. | ||
| - [DevSkim](https://github.com/Microsoft/DevSkim) - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline. | ||
| - [ban-sensitive-files](https://github.com/bahmutov/ban-sensitive-files) - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file). | ||
|
|
||
| ## Vulnerabilities and Security Advisories | ||
|
|
||
| - [bundler-audit](https://rubygems.org/gems/bundler-audit) - Patch-level verification for Ruby apps. | ||
|
|
||
| # Educational | ||
|
|
||
| ## Hacking Playground | ||
|
|
||
| - [RailsGoat](https://github.com/OWASP/railsgoat) - A vulnerable version of Rails that follows the OWASP Top 10 http://railsgoat.cktricky.com . | ||
| - [DeleteMe](https://github.com/rietta/DeleteMe) - Educational insecure Rails application. | ||
|
|
||
| ## Articles & Guides | ||
|
|
||
| - [Rails Security Guides](https://guides.rubyonrails.org/security.html) - The essentials to read when dealing with Rails Applications. | ||
| - [Securing Ruby and Rails Apps](https://www.occamslabs.com/blog/securing-your-ruby-and-rails-codebase) - Applying static code analysis and dependency checking in your CI/CD pipeline. | ||
| - [OWASP Ruby on Rails Cheatsheet](https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet) - This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from [rails core](https://guides.rubyonrails.org/security.html). | ||
| - [Rails security checklist](https://github.com/eliotsykes/rails-security-checklist) - 🔑 Community-driven Rails Security Checklist. | ||
|
|
||
| # Other | ||
|
|
||
| ## Reporting Bugs | ||
|
|
||
| - [Ruby Bug Bounty Program](https://hackerone.com/ruby) - Found a bug in the Ruby language? Report it there. | ||
| - [Ruby Security Updates](https://www.ruby-lang.org/en/security/) - Follow the latest security announcements. | ||
|
|
||
| # Contributing | ||
|
|
||
| Found an awesome project, package, article, other type of resources related to Ruby Security? Send me a pull request! | ||
| Just follow the [guidelines](/CONTRIBUTING.md). Thank you! | ||
|
|
||
| --- | ||
|
|
||
| say _hi_ on [Twitter](https://twitter.com/pxlpnk) | ||
|
|
||
| ## License | ||
|
|
||
| [](http://creativecommons.org/publicdomain/zero/1.0/) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| # Contributor Covenant Code of Conduct | ||
|
|
||
| ## Our Pledge | ||
|
|
||
| In the interest of fostering an open and welcoming environment, we as | ||
| contributors and maintainers pledge to making participation in our project and | ||
| our community a harassment-free experience for everyone, regardless of age, body | ||
| size, disability, ethnicity, sex characteristics, gender identity and expression, | ||
| level of experience, education, socio-economic status, nationality, personal | ||
| appearance, race, religion, or sexual identity and orientation. | ||
|
|
||
| ## Our Standards | ||
|
|
||
| Examples of behavior that contributes to creating a positive environment | ||
| include: | ||
|
|
||
| * Using welcoming and inclusive language | ||
| * Being respectful of differing viewpoints and experiences | ||
| * Gracefully accepting constructive criticism | ||
| * Focusing on what is best for the community | ||
| * Showing empathy towards other community members | ||
|
|
||
| Examples of unacceptable behavior by participants include: | ||
|
|
||
| * The use of sexualized language or imagery and unwelcome sexual attention or | ||
| advances | ||
| * Trolling, insulting/derogatory comments, and personal or political attacks | ||
| * Public or private harassment | ||
| * Publishing others' private information, such as a physical or electronic | ||
| address, without explicit permission | ||
| * Other conduct which could reasonably be considered inappropriate in a | ||
| professional setting | ||
|
|
||
| ## Our Responsibilities | ||
|
|
||
| Project maintainers are responsible for clarifying the standards of acceptable | ||
| behavior and are expected to take appropriate and fair corrective action in | ||
| response to any instances of unacceptable behavior. | ||
|
|
||
| Project maintainers have the right and responsibility to remove, edit, or | ||
| reject comments, commits, code, wiki edits, issues, and other contributions | ||
| that are not aligned to this Code of Conduct, or to ban temporarily or | ||
| permanently any contributor for other behaviors that they deem inappropriate, | ||
| threatening, offensive, or harmful. | ||
|
|
||
| ## Scope | ||
|
|
||
| This Code of Conduct applies both within project spaces and in public spaces | ||
| when an individual is representing the project or its community. Examples of | ||
| representing a project or community include using an official project e-mail | ||
| address, posting via an official social media account, or acting as an appointed | ||
| representative at an online or offline event. Representation of a project may be | ||
| further defined and clarified by project maintainers. | ||
|
|
||
| ## Enforcement | ||
|
|
||
| Instances of abusive, harassing, or otherwise unacceptable behavior may be | ||
| reported by contacting the project team at [andy@an-ti.eu](mailto:andy@an-ti.eu). All | ||
| complaints will be reviewed and investigated and will result in a response that | ||
| is deemed necessary and appropriate to the circumstances. The project team is | ||
| obligated to maintain confidentiality with regard to the reporter of an incident. | ||
| Further details of specific enforcement policies may be posted separately. | ||
|
|
||
| Project maintainers who do not follow or enforce the Code of Conduct in good | ||
| faith may face temporary or permanent repercussions as determined by other | ||
| members of the project's leadership. | ||
|
|
||
| ## Attribution | ||
|
|
||
| This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, | ||
| available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html | ||
|
|
||
| [homepage]: https://www.contributor-covenant.org | ||
|
|
||
| For answers to common questions about this code of conduct, see | ||
| https://www.contributor-covenant.org/faq |