Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


awesome-ruby-security

Awesome Ruby Security resources
https://github.com/pxlpnk/awesome-ruby-security

Last synced: 3 days ago

  • Web Framework Hardening

    • secure-headers - Manages application of security headers with many safe defaults.
    • Rack::Attack - Middleware for blocking and throttling requests.
  • Multi tools

    • Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.
    • Ronin - Ronin is a free and Open Source Ruby toolkit for security research and development.
    • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
  • Articles & Guides

  • Static Code Analysis

    • Rails Application Routes Parser - A script that prints out Ruby on Rails application routes/URLs.
    • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
    • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
    • dawnscanner - A static analysis security scanner for Ruby applications. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
    • git-secrets - Prevents you from committing secrets and credentials into git repositories.
    • DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. It also has a CLI so it can be integrated into CI/CD pipelines.
    • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Also checks some files for sensitive contents (for example an authToken inside an .npmrc file).
    • rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
    • Bearer - A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
  • Vulnerabilities and Security Advisories

    • bundler-audit - Patch-level verification for Ruby apps.
    • ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
    • GemScanner - GemScanner identifies deprecated versions of gems in your Ruby on Rails project.
  • Newsletters

  • Reporting Bugs

  • Hacking Playground

    • RailsGoat - A vulnerable version of Rails that follows the OWASP Top 10 (http://railsgoat.cktricky.com).
    • DeleteMe - Educational insecure Rails application.