Brakeman
Ruby on Rails
Brakeman | Ruby on Rails | |
---|---|---|
16 | 475 | |
6,914 | 54,976 | |
- | 0.4% | |
7.5 | 10.0 | |
4 days ago | 4 days ago | |
Ruby | Ruby | |
Q Public License 1.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Brakeman
-
First commits in a Ruby on Rails app
Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”
-
[Tool] An alternative to Brakeman for Security
My team and I released Bearer a couple of weeks ago, a newer open and free alternative to Brakeman to check your code for security and privacy risks. In addition to Ruby/Rails, we also cover your JS/TS code, which allows you to use a single solution for your whole Rails application.
-
Brakeman VS bearer - a user suggested alternative
2 projects | 10 Jul 2023
-
Code Reviewing a Ruby on Rails application.
Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. It finds potential security issues in Rails applications by examining the Ruby code. Brakeman helps find and fix security holes before deploying your Rails app.
-
4 Essential Security Tools To Level Up Your Rails Security
brakeman is another useful Ruby gem that is a static analysis security vulnerability scanner for Ruby on Rails applications.
-
How do you guys integrate automated security checks in your CI/CD pipelines?
You might find brakeman interesting: https://brakemanscanner.org
-
Github Pre-commit Hook Setup In Ruby On Rails for maintaining coding standards and productive.
It’s assumed that you already have a Rails app and use Brakeman to keep your app secure and Rspec to run your test cases.
- Is this query vulnerable to SQL injections?
-
Security Risks On Rails: Misconfiguration and Unsafe Integrations
Another great lib for this is Brakeman, which can be installed in a very similar process and gives you even more detailed reports:
-
Fixing Just One False Positive in Brakeman
This is pretty easy to handle. In the case where a splatted array is the only argument to a method, we'll simply use the elements of the array as the argument list. (Check out the pull request here)
Ruby on Rails
-
Should You Use Ruby on Rails or Hanami?
Industry adoption - Without including the adoption of other popular and more established frameworks like Python, React, C#, and others, if we consider the adoption of Ruby frameworks, Rails easily eclipses Hanami. The Rails homepage lists some big-name organizations using the framework. On the other hand, as the new kid on the block, Hanami is not so widely adopted. We'll have to wait and see whether that will change in the future.
-
Rails Core Classes Method Lookup Changes: A Deep Dive into Include vs Prepend
on April 23, 2024, a PR #51640 was merged into main branch of Ruby On Rails. This PR title is Use Module#include rather than prepend for faster method lookup.
-
GitHub Incident with Issues, API Requests and Pull Requests
[0] is a my favorite demonstration of it.
[0]: https://github.com/rails/rails/commit/b83965785db1eec019edf1...
-
Client side Git hooks 101
Here's a real life example: Imagine a Ruby on Rails app on which a team of developers are working. The code is hosted on GitLab and all the work is coordinated using GitLab issues. In other words: For every commit, there's an associated issue and the issue number acts as a sort of primary key for documentation, time reporting and so forth. This convention has a few advantages, most notably the ability to easily learn more about how, when and by whom features were implemented as well as how this implementation came to be.
-
16 Best Ruby Frameworks For Web Development [2024]
Ruby on Rails is regarded as one of the best ruby frameworks. It was the primary language in developing big projects such as Twitter and helped the language boost the community. Often referred to as “Rails,” Ruby on Rails is a web development framework with an MVC control structure and currently running its 6.1 version. The 16-year-old language has dramatically influenced the web development structures and managing databases, web pages, and other components on a web application.
-
More control over enum in Rails 7.1
In Rails 7.1, a new option _instance_methods is introduced, allowing developers to opt-out of the automatic generation of instance methods for enums. When enum is defined with _instance_methods: false, Rails will no longer generate methods like pending?, processed?, etc.
-
Ruby on Rails load testing habits
Rails isn't super opinionated about database writes, its mostly left up to developers to discover that for relational DBs you do not want to be doing a bunch of small writes all at once.
That said it specifically has tools to address this that started appearing a few years ago https://github.com/rails/rails/pull/35077
The way my team handles it is to stick Kafka in between whats generating the records (for us, a bunch of web scraping workers) and and a consumer that pulls off the Kafka queue and runs an insert when its internal buffer reaches around 50k rows.
Rails is also looking to add some more direct background type work with https://github.com/basecamp/solid_queue but this is still very new - most larger Rails shops are going to be running a second system and a gem called Sidekiq that pulls jobs out of Redis.
-
DHH installing Campfire (37s ONCE #1) [video]
I'm looking forward to see what extractions from this will land on rails. For example: https://github.com/rails/rails/issues/50454
-
First commits in a Ruby on Rails app
Here is what strict_loading does (source):
-
Continuous Deployment with GitHub Actions and Kamal
Kamal is a wonderfully simple way to deploy your applications anywhere. It will also be included by default in Rails 8. Kamal is trivial, but I don’t recommend using it on your development machine.
What are some alternatives?
bundler-audit - Patch-level verification for Bundler
Roda - Routing Tree Web Toolkit
Rubocop - A Ruby static code analyzer and formatter, based on the community Ruby style guide. [Moved to: https://github.com/rubocop/rubocop]
Hanami - The web, with simplicity.
Metasploit - Metasploit Framework
Sinatra - Classy web-development dressed in a DSL (official / canonical repo)
Rubycritic - A Ruby code quality reporter
CodeBehind Framework - CodeBehind library is a modern backend framework. This library is a programming model based on the MVC structure, which provides the possibility of creating dynamic aspx files in .NET Core and has high serverside independence.
Pronto - Quick automated code review of your changes
Cuba - Rum based microframework for web development.
BeEF - The Browser Exploitation Framework Project
Padrino - Padrino is a full-stack ruby framework built upon Sinatra.