A curated list of awesome Ruby Security related resources.

Awesome

List inspired by the awesome list thing.


Contents

Tools

Web Framework Hardening

  • secure-headers - Manages application of security headers with many safe defaults.
  • Rack::Attack - Middleware for blocking and throttling requests.

Multi tools

  • Ronin - Ronin is a free and Open Source Ruby toolkit for security research and development.
  • Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
  • Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.

Static Code Analysis

  • brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
  • rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
  • dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
  • git-secrets - Prevents you from committing secrets and credentials into git repositories.
  • DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
  • ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
  • rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.
  • Rails Application Routes Parser - A script that print out ruby on rails application routes/URLs.
  • Bearer - A code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Vulnerabilities and Security Advisories

  • bundler-audit - Patch-level verification for Ruby apps.
  • ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
  • GemScanner - GemScanner identifies depreciated versions of gems in your ruby on rails project.

Educational

Hacking Playground

Articles & Guides

Newsletters

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, other type of resources related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!


say hi on Twitter

License

CC0