bundler-audit
protected_attributes
Our great sponsors
bundler-audit | protected_attributes | |
---|---|---|
5 | 1 | |
2,646 | 230 | |
0.6% | 0.0% | |
6.1 | 0.0 | |
3 months ago | 8 months ago | |
Ruby | Ruby | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bundler-audit
-
4 Essential Security Tools To Level Up Your Rails Security
This Ruby gem is quite useful for detecting versions of gems that are known to be vulnerable to security issues. bundler-audit uses an open database of vulnerable gems called ruby-advisory-db and compares it to the versions that show up in your Gemfile.lock.
- How do you guys integrate automated security checks in your CI/CD pipelines?
-
What are the gems that every Ruby dev should know how to use?
bundler-audit - check for known security issues
- Hakiri has been sunset, any alternatives?
-
Security Risks On Rails: Misconfiguration and Unsafe Integrations
Let’s take the super famous gem bundler-audit, for instance. It works closely with bundler to provide patch-level verification for your project gems, such as vulnerability checks, insecure gem sources, etc.
protected_attributes
-
Security Risks On Rails: Misconfiguration and Unsafe Integrations
If you’re migrating from Rails 3 to a newer version and still don’t want to deal with that specific part, Rails still allows the use of the protected_attributes gem for a smoother upgrade path, but be mindful that this is just until version 5. From there on, no more support will be provided.
What are some alternatives?
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Metasploit - Metasploit Framework
Ruby on Rails - Ruby on Rails
RbNaCl - Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
railsgoat - A vulnerable version of Rails that follows the OWASP Top 10
Clamby - ClamAV interface to your Ruby on Rails project.
Hakiri - Secure Ruby apps with Hakiri
Gitrob - Reconnaissance tool for GitHub organizations
dawnscanner - Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
Rack::UTF8Sanitizer - Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
sessionKeys - A tool for the deterministic generation of unique user IDs, and NaCl cryptographic keys from a single username and high entropy passphrase.