Ruby Security

Open-source Ruby projects categorized as Security

Top 23 Ruby Security Projects

  • GitHub repo Metasploit

    Metasploit Framework

Project mention: Does anyone have a walkthrough for using CVE-2021-3156? (2021-04-13)

    Always worth checking for metasploit plugins:

  • GitHub repo Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

Project mention: 26 most popular Ruby/Rails repositories on GitHub in July-August 2020 (2020-09-05)

    Brakeman is a static analysis tool that checks Ruby on Rails applications for security vulnerabilities. 5,800 stars by now

  • GitHub repo wpscan

    WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

Project mention: How do I check a plugin someone wrote for me for security vulnerabilities? (2021-04-12)

To start, I highly recommend reviewing this plugin security testing cheat sheet for WordPress. It has the most common WordPress vulnerabilities, and you can search the plugin's code for these flaws:

  • GitHub repo Rack::Attack

    Rack middleware for blocking & throttling

Project mention: What is happening once you launch and open a Rails app to the real, wild web (2021-03-08)

It's entirely normal and expected. If your site gets any traction, the volume and sophistication of probing will only increase. I recommend starting by setting up Rack Attack; that will help you block the bad actors for a while. If the volume gets high enough, you'll want to start blocking traffic upstream in the reverse proxy or load balancing layer, depending on architecture.

  • GitHub repo SecureHeaders

    Manages application of security headers with many safe defaults

  • GitHub repo Portus

    Authorization service and frontend for Docker registry (v2)

Project mention: Host your own private docker registry with Portus (2020-09-11)

Once you have your domain configured properly and the SSL certificate is on the server, you can start configuring the registry. Docker themselves maintain and release a docker image that is a Docker registry. Yea, they put a docker container registry in a docker container. But there's one problem. There's no GUI. There's no access control. It's not that exciting by itself. If only there was some open source project built off this registry container that had all the cool bells and whistles included. Oh, right, there is. Portus.

  • GitHub repo inspec

    InSpec: Auditing and Testing Framework

  • GitHub repo bundler-audit

    Patch-level verification for Bundler

  • GitHub repo cocoapods-keys

    A key value store for storing per-developer environment and application keys

Project mention: Where to store API keys without server access (2021-02-21)

  • GitHub repo RbNaCl

    Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)

  • GitHub repo invisible_captcha

    :honey_pot: Unobtrusive and flexible spam protection for Rails apps

Project mention: install gem invisible_captcha with devise (2021-03-03)

    Quick guide to add gem invisible_captcha to your devise registrations:

  • GitHub repo Hashids

    A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

  • GitHub repo cfn_nag

    Linting tool for CloudFormation templates

Project mention: CloudFormation Best Practices (2021-01-05)

    cfn_nag is an open source command-line tool that performs static analysis of CloudFormation templates. It will search for insecure infrastructure like:

  • GitHub repo cis-docker-benchmark

    CIS Docker Benchmark - InSpec Profile

  • GitHub repo devise-security

    A security extension for devise, meeting industrial standard security demands for web applications.

Project mention: Devise only allow one session per user at the same time (2021-01-19)

    An alternative implementation....

  • GitHub repo Rack::UTF8Sanitizer

    Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.

  • GitHub repo Fugacious

    OSSSM (awesome). Open source short-term secure messaging

  • GitHub repo Clamby

    ClamAV interface to your Ruby on Rails project.

  • GitHub repo aws-foundations-cis-baseline

    InSpec profile to validate your VPC to the standards of the CIS Amazon Web Services Foundations Benchmark v1.1.0

Project mention: A comparison of open-source infrastructure as code scanning tools (2021-03-11)

  • GitHub repo SiRP

    Secure (interoperable) Remote Password Auth (SRP-6a)

  • GitHub repo TSS - Threshold Secret Sharing

    A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt

  • GitHub repo active_entry

    A flexible access control system for your Rails app

Project mention: Release V2 - Active Entry Access Control | Now with policies (2021-04-03)

  • GitHub repo sessionKeys

    A tool for the deterministic generation of unique user IDs, and NaCl cryptographic keys from a single username and high entropy passphrase.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-04-13.

What are some of the best open-source Security projects in Ruby? This list will help you:

Rank Project Stars
1 Metasploit 23,742
2 Brakeman 6,070
3 wpscan 5,698
4 Rack::Attack 4,874
5 SecureHeaders 2,870
6 Portus 2,807
7 inspec 2,311
8 bundler-audit 2,293
9 cocoapods-keys 1,427
10 RbNaCl 918
11 invisible_captcha 864
12 Hashids 843
13 cfn_nag 837
14 cis-docker-benchmark 326
15 devise-security 312
16 Rack::UTF8Sanitizer 254
17 Fugacious 100
18 Clamby 88
19 aws-foundations-cis-baseline 57
20 SiRP 23
21 TSS - Threshold Secret Sharing 19
22 active_entry 11
23 sessionKeys 1