Added Codesake::Dawn version 1.0.0 announcement.
Showing 2 changed files with 40 additions and 1 deletion.
@@ -10,7 +10,6 @@ Gemfile.lock | |
InstalledFiles | ||
_yardoc | ||
coverage | ||
doc/ | ||
lib/bundler/man | ||
pkg | ||
rdoc | ||
|
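Review bot: the hunk header `@@ -10,7 +10,6 @@` records one line removed from this file, but the rendered hunk shows only the seven unchanged context lines (InstalledFiles through rdoc) and neither the file path nor the removed line, so the deletion cannot be checked from this view; please make sure the commit exposes which entry was dropped and why, since the commit message only mentions adding the announcement.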
@@ -0,0 +1,40 @@ | ||
After 9 months of development, it's now time for Codesake::Dawn security source | ||
code scanner first major release. | ||
|
||
Codesake::Dawn is a static analysis security scanner for ruby written web applications. | ||
It supports [Sinatra](http://www.sinatrarb.com), | ||
[Padrino](http://www.padrinorb.com) and [Ruby on Rails](http://rubyonrails.org) | ||
frameworks. | ||
|
||
Version 1.0 introduces 142 security checks against public bulletins since 2006, | ||
you can use to check the vulnerabilities introduced by third party libraries | ||
your web application include in its Gemfile. | ||
|
||
Writing safe code it's important, but sometimes security issues are introduced | ||
by third party code your application relies on. As example, consider a SQL | ||
Injection vulnerability introduced by Ruby on Rails framework. Despite the | ||
effort you spend in sanitize inputs, your web application inherits the | ||
vulnerability suffering as well. An attacker can easily exploit it and break | ||
into your database unless you upgrade the offended gem. | ||
|
||
There is a comprehensive set of command line flags you can read more by issuing | ||
```dawn -h``` flag or by reading [project README](https://github.com/codesake/codesake-dawn/raw/master/README.md) file. | ||
|
||
The list of security checks included in version 1.0.0 can be found online at: | ||
[http://dawn.codesake.com/knowledge-base](http://dawn.codesake.com/knowledge-base). | ||
|
||
You can use [facilities provided by | ||
github](https://github.com/codesake/codesake-dawn/issues) to submit bug | ||
reports, product enhancements, new security checks you want to me to add in | ||
future releases and even success stories. | ||
|
||
Now it's time for you to install Codesake::Dawn version 1.0.0 with the | ||
following command and start reviewing your code for security issues: | ||
|
||
``` | ||
$ gem install codesake-dawn | ||
``` | ||
|
||
You can find the announcement on the web here: [http://dawn.codesake.com/blog/announce-codesake-dawn-v1-0-0-released/](http://dawn.codesake.com/blog/announce-codesake-dawn-v1-0-0-released/) | ||
Enjoy it! | ||
Paolo - paolo@codesake.com |
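Review bot: the added announcement text has several wording errors that should be fixed before it ships: "Writing safe code it's important" should read "Writing safe code is important", "the effort you spend in sanitize inputs" should be "in sanitizing inputs", and "the offended gem" should be "the offending gem"; the sentence "Version 1.0 introduces 142 security checks against public bulletins since 2006, you can use to check" is also missing "that" before "you can use", and "your web application include in its Gemfile" should be "includes". Two smaller points: `dawn -h` is a command, not a flag, so "by issuing ```dawn -h``` flag" should say "by running `dawn -h`", and the README link points at the raw file on master, which will drift from what 1.0.0 actually ships; consider linking the README at the 1.0.0 tag instead.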