{"id":13539085,"url":"https://github.com/pxlpnk/awesome-ruby-security","last_synced_at":"2025-11-04T11:03:05.431Z","repository":{"id":33261082,"uuid":"156288554","full_name":"pxlpnk/awesome-ruby-security","owner":"pxlpnk","description":"Awesome Ruby Security resources","archived":false,"fork":false,"pushed_at":"2024-02-22T07:48:23.000Z","size":34,"stargazers_count":461,"open_issues_count":0,"forks_count":34,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-10-29T14:15:53.523Z","etag":null,"topics":["awesome-list","ruby","ruby-on-rails","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pxlpnk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-11-05T21:55:19.000Z","updated_at":"2024-10-28T13:27:18.000Z","dependencies_parsed_at":"2024-01-05T23:44:56.873Z","dependency_job_id":"9a2fedd1-9509-40a2-9c43-ac58970ad7b6","html_url":"https://github.com/pxlpnk/awesome-ruby-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pxlpnk%2Fawesome-ruby-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pxlpnk%2Fawesome-ruby-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pxlpnk%2Fawesome-ruby-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pxlpnk%2Fawesome-ruby-security/manifests","owner_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/owners/pxlpnk","download_url":"https://codeload.github.com/pxlpnk/awesome-ruby-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247266565,"owners_count":20910836,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome-list","ruby","ruby-on-rails","security","security-tools"],"created_at":"2024-08-01T09:01:20.019Z","updated_at":"2025-11-04T11:03:05.396Z","avatar_url":"https://github.com/pxlpnk.png","language":null,"readme":"\u003cbr/\u003e\n\u003cdiv align=\"center\"\u003e\n\nA curated list of awesome Ruby Security related resources.\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._\n\n\u003c/div\u003e\n\u003cbr/\u003e\n\n# Contents\n- [Tools](#tools)\n- [Educational](#educational)\n- [Other](#other)\n- [Contributing](#contributing)\n\n# Tools\n\n## Web Framework Hardening\n\n- [secure-headers](https://github.com/twitter/secure_headers) - Manages application of security headers with many safe defaults.\n- [Rack::Attack](https://github.com/kickstarter/rack-attack) - Middleware for blocking and throttling requests.\n\n## Multi tools\n\n- [Ronin](https://github.com/ronin-rb/ronin) - Ronin is a free and Open Source Ruby toolkit for security research and development.\n- [Salus](https://github.com/coinbase/salus) - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.\n- [Snyk](https://snyk.io) - Continuously and automatically finds \u0026 fixes 
vulnerabilities for Ruby and other languages.\n\n## Static Code Analysis\n\n- [brakeman](https://github.com/presidentbeef/brakeman) - A static analysis security vulnerability scanner for Ruby on Rails applications.\n- [rubocop-gitlab-security](https://gitlab.com/gitlab-org/rubocop-gitlab-security) - A set of rules that extends RuboCop with additional security checks.\n- [dawnscanner](https://github.com/thesp0nge/dawnscanner) - A static analysis security scanner for Ruby applications. It supports the Sinatra, Padrino and Ruby on Rails frameworks.\n- [git-secrets](https://github.com/awslabs/git-secrets) - Prevents you from committing secrets and credentials into git repositories.\n- [DevSkim](https://github.com/Microsoft/DevSkim) - DevSkim is a set of IDE plugins and rules that provide security \"linting\" capabilities. It also has a CLI so it can be integrated into a CI/CD pipeline.\n- [ban-sensitive-files](https://github.com/bahmutov/ban-sensitive-files) - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. 
Checks some files for sensitive contents (for example an authToken inside an .npmrc file).\n- [rails_best_practices](https://github.com/flyerhzm/rails_best_practices) - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.\n- [Rails Application Routes Parser](https://gist.github.com/Splint3r7/198a3f8f19f20c28fff44993427012c3) - A script that prints out Ruby on Rails application routes/URLs.\n- [Bearer](https://github.com/Bearer/bearer) - A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.\n\n## Vulnerabilities and Security Advisories\n\n- [bundler-audit](https://rubygems.org/gems/bundler-audit) - Patch-level verification for Ruby apps.\n- [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db) - Open source database of security advisories that are relevant to Ruby libraries.\n- [GemScanner](https://github.com/Splint3r7/GemScanner) - GemScanner identifies deprecated versions of gems in your Ruby on Rails project.\n\n# Educational\n\n## Hacking Playground\n\n- [RailsGoat](https://github.com/OWASP/railsgoat) - A vulnerable version of Rails that follows the OWASP Top 10 (http://railsgoat.cktricky.com).\n- [DeleteMe](https://github.com/rietta/DeleteMe) - Educational insecure Rails application.\n\n## Articles \u0026 Guides\n\n- [Rails Security Guides](https://guides.rubyonrails.org/security.html) - The essentials to read when dealing with Rails applications.\n- [Securing Ruby and Rails Apps](https://www.occamslabs.com/blog/securing-your-ruby-and-rails-codebase) - Applying static code analysis and dependency checking in your CI/CD pipeline.\n- [OWASP Ruby on Rails Cheatsheet](https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet) - This cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. 
It complements, augments or emphasizes points brought up in the Rails security guide from [rails core](https://guides.rubyonrails.org/security.html).\n- [Rails security checklist](https://github.com/eliotsykes/rails-security-checklist) - 🔑 Community-driven Rails Security Checklist.\n- [Attacking Ruby on Rails Applications](http://www.phrack.org/issues/69/12.html#article) - Phrack article by [joernchen](https://twitter.com/joernchen) on finding security vulnerabilities in Rails applications.\n- [Zen Rails Security Checklist](https://github.com/brunofacca/zen-rails-security-checklist#memcached-security) - A well-documented Rails security checklist.\n- [Rails security best practices](https://github.com/ankane/secure_rails) - A good overview of useful things to look out for when working with Rails.\n- [Securing Rails Application from developers perspective](http://hassankhanyusufzai.com/securing-rails-application/) - A detailed blog post on Ruby on Rails security from a developer's perspective that covers OWASP Top \u0026 other application issues with fixes and recommendations.\n- [Rubyfu](https://rubyfu.net/) - Offensive security book for Rubyists ([Source](https://github.com/rubyfu/RubyFu)).\n- [Ruby gem installations can expose you to lockfile injection attacks](https://snyk.io/blog/ruby-gem-installation-lockfile-injection-attacks) - Security blind spots of lockfile injection in the Ruby ecosystem.\n\n## Newsletters\n\n- [Security for Developers](https://www.getrevue.co/profile/devsecops) - Newsletter catering to developers and covering many languages.\n\n# Other\n\n## Reporting Bugs\n\n- [Ruby Bug Bounty Program](https://hackerone.com/ruby) - Found a bug in the Ruby language? Report it there.\n- [Ruby Security Updates](https://www.ruby-lang.org/en/security/) - Follow the latest security announcements.\n\n# Contributing\n\nFound an awesome project, package, article or other resource related to Ruby security? 
Send me a pull request!\nJust follow the [guidelines](/CONTRIBUTING.md). Thank you!\n\n---\n\nsay _hi_ on [Twitter](https://twitter.com/pxlpnk)\n\n## License\n\n[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)\n","funding_links":[],"categories":["Programming Languages","Others","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Coding","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","Other Lists","Security"],"sub_categories":["\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的","TeX Lists","Other tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpxlpnk%2Fawesome-ruby-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpxlpnk%2Fawesome-ruby-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpxlpnk%2Fawesome-ruby-security/lists"}