bundler-audit
Ruby on Rails
Our great sponsors
bundler-audit | Ruby on Rails | |
---|---|---|
5 | 467 | |
2,643 | 54,865 | |
0.5% | 0.6% | |
6.1 | 10.0 | |
3 months ago | 1 day ago | |
Ruby | Ruby | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bundler-audit
-
4 Essential Security Tools To Level Up Your Rails Security
This Ruby gem is quite useful for detecting versions of gems that are known to be vulnerable to security issues. bundler-audit uses an open database of vulnerable gems called ruby-advisory-db and compares it to the versions that show up in your Gemfile.lock.
- How do you guys integrate automated security checks in your CI/CD pipelines?
-
What are the gems that every Ruby dev should know how to use?
bundler-audit - check for known security issues
- Hakiri has been sunset, any alternatives?
-
Security Risks On Rails: Misconfiguration and Unsafe Integrations
Let’s take the super famous gem bundler-audit, for instance. It works closely with bundler to provide patch-level verification for your project gems, such as vulnerability checks, insecure gem sources, etc.
Ruby on Rails
-
GitHub Incident with Issues, API Requests and Pull Requests
[0] is a my favorite demonstration of it.
[0]: https://github.com/rails/rails/commit/b83965785db1eec019edf1...
-
Client side Git hooks 101
Here's a real life example: Imagine a Ruby on Rails app on which a team of developers are working. The code is hosted on GitLab and all the work is coordinated using GitLab issues. In other words: For every commit, there's an associated issue and the issue number acts as a sort of primary key for documentation, time reporting and so forth. This convention has a few advantages, most notably the ability to easily learn more about how, when and by whom features were implemented as well as how this implementation came to be.
-
16 Best Ruby Frameworks For Web Development [2024]
Ruby on Rails is regarded as one of the best ruby frameworks. It was the primary language in developing big projects such as Twitter and helped the language boost the community. Often referred to as “Rails,” Ruby on Rails is a web development framework with an MVC control structure and currently running its 6.1 version. The 16-year-old language has dramatically influenced the web development structures and managing databases, web pages, and other components on a web application.
-
More control over enum in Rails 7.1
In Rails 7.1, a new option _instance_methods is introduced, allowing developers to opt-out of the automatic generation of instance methods for enums. When enum is defined with _instance_methods: false, Rails will no longer generate methods like pending?, processed?, etc.
-
Ruby on Rails load testing habits
Rails isn't super opinionated about database writes, its mostly left up to developers to discover that for relational DBs you do not want to be doing a bunch of small writes all at once.
That said it specifically has tools to address this that started appearing a few years ago https://github.com/rails/rails/pull/35077
The way my team handles it is to stick Kafka in between whats generating the records (for us, a bunch of web scraping workers) and and a consumer that pulls off the Kafka queue and runs an insert when its internal buffer reaches around 50k rows.
Rails is also looking to add some more direct background type work with https://github.com/basecamp/solid_queue but this is still very new - most larger Rails shops are going to be running a second system and a gem called Sidekiq that pulls jobs out of Redis.
-
DHH installing Campfire (37s ONCE #1) [video]
I'm looking forward to see what extractions from this will land on rails. For example: https://github.com/rails/rails/issues/50454
-
First commits in a Ruby on Rails app
Here is what strict_loading does (source):
-
Continuous Deployment with GitHub Actions and Kamal
Kamal is a wonderfully simple way to deploy your applications anywhere. It will also be included by default in Rails 8. Kamal is trivial, but I don’t recommend using it on your development machine.
-
What's Coming in Rails 8
Here's the GitHub milestone I've based this article on — https://github.com/rails/rails/milestone/87
- Rails 8 Plan
What are some alternatives?
Brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications
Roda - Routing Tree Web Toolkit
Metasploit - Metasploit Framework
Hanami - The web, with simplicity.
RbNaCl - Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)
Sinatra - Classy web-development dressed in a DSL (official / canonical repo)
Clamby - ClamAV interface to your Ruby on Rails project.
Cuba - Rum based microframework for web development.
Gitrob - Reconnaissance tool for GitHub organizations
CodeBehind Framework - CodeBehind library is a modern backend framework. This library is a programming model based on the MVC structure, which provides the possibility of creating dynamic aspx files in .NET Core and has high serverside independence.
Rack::UTF8Sanitizer - Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.
Padrino - Padrino is a full-stack ruby framework built upon Sinatra.