{"id":13878265,"url":"https://github.com/gregmolnar/spektr","last_synced_at":"2025-05-07T21:34:19.364Z","repository":{"id":37738356,"uuid":"404281472","full_name":"gregmolnar/spektr","owner":"gregmolnar","description":"Static code analyser to find security issues in Rails applications","archived":false,"fork":false,"pushed_at":"2024-06-16T09:46:36.000Z","size":1861,"stargazers_count":65,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-22T13:55:58.859Z","etag":null,"topics":["rails","security"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gregmolnar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-08T09:08:20.000Z","updated_at":"2025-03-06T18:20:08.000Z","dependencies_parsed_at":"2022-08-18T08:30:05.006Z","dependency_job_id":"b374a2c6-1ee9-4b0f-919d-bba51ae72c9e","html_url":"https://github.com/gregmolnar/spektr","commit_stats":{"total_commits":143,"total_committers":2,"mean_commits":71.5,"dds":0.006993006993006978,"last_synced_commit":"8a22525546c5cff32841b91ee7f9e404286e004b"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gregmolnar%2Fspektr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gregmolnar%2Fspektr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gregmolnar%2Fspektr/releases","manifests_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gregmolnar%2Fspektr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gregmolnar","download_url":"https://codeload.github.com/gregmolnar/spektr/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252957764,"owners_count":21831547,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["rails","security"],"created_at":"2024-08-06T08:01:44.540Z","updated_at":"2025-05-07T21:34:19.326Z","avatar_url":"https://github.com/gregmolnar.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Spektr\n\n[![Ruby CI](https://github.com/gregmolnar/spektr/actions/workflows/ci.yaml/badge.svg?branch=master)](https://github.com/gregmolnar/spektr/actions/workflows/ci.yaml)\n\nSpektr is a static-code analyser that finds security issues in Ruby on Rails applications.\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'spektr'\n```\n\nAnd then execute:\n\n    $ bundle install\n\nOr install it yourself as:\n\n    $ gem install spektr\n\n## Usage\n\nIf you are using it in your app:\n\n```\nspektr\n```\n\nIf you want to scan an app in another folder:\n\n```\nspektr path/to/app\n```\n\nTo see the available options, you can run `spektr --help`.\n\nTo ignore a finding, you can use the `--ignore` flag with a comma-separated list of fingerprints from the report.\n\n\n### Railsgoat Example output\n\n![Railsgoat example](https://github.com/gregmolnar/spektr/blob/master/railsgoat-example.png)\n\n### False 
positives\n\nDue to the nature of static-code analysis, Spektr might report false positives. Please report them, so I can try\nto tweak the check.\n\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/gregmolnar/spektr. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/gregmolnar/spektr/blob/master/CODE_OF_CONDUCT.md).\n\n\n## License\n\nThe gem is available as open source under the terms described in the [licence](https://github.com/gregmolnar/spektr/blob/master/LICENSE.txt). Non-commercial use is free of charge; to obtain a commercial licence, contact us at info[at]spektrhq.com.\nIf you are looking for a hosted solution, take a look at [SpektrHQ](https://spektrhq.com).\n\n\n## Code of Conduct\n\nEveryone interacting in the Spektr project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/gregmolnar/spektr/blob/master/CODE_OF_CONDUCT.md).\n\n## FAQ\n\n### I use Spektr in my closed-source paid product making millions of dollars, is that non-commercial use?\n\nYes, this is perfectly fine without obtaining a licence. 
You can, however, donate to the development here on GitHub.\n\n### I want to use Spektr in my automated code analyser SaaS, do I need a commercial licence?\n\nYes, please get in touch at info[at]spektrhq.com and we will work something out.\n\n### I am a penetration tester and I'd like to use Spektr to audit on a paid engagement. Do I need a commercial licence?\n\nNo. You are free to use it for that purpose, happy bug hunting!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgregmolnar%2Fspektr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgregmolnar%2Fspektr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgregmolnar%2Fspektr/lists"}