Ruby Security

Open-source Ruby projects categorized as Security | Edit details

Top 23 Ruby Security Projects

  • GitHub repo Metasploit

    Metasploit Framework

    Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | | 2021-09-14

    This is one of the most prevalent issues among the OWASP Top 10. The growing reliance on third-party components creates a risk if dependencies aren't kept up to date. There are numerous tools, such as the Metasploit Framework, available to attackers, that allow them to easily identify and exploit known vulnerabilities in applications and operating systems. In many cases, a patch has been released for these vulnerable applications, but the victim organization has been slow to update their dependencies. Additionally, developers may not thoroughly understand the nested dependencies of all of the libraries that are being used in an application.

  • GitHub repo Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails applications

    Project mention: OWASP Top 10 for Developers: Using Components with Known Vulnerabilities | | 2021-09-14

    In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's Renovate, provide a complete dependency management solution by automatically updating any found vulnerabilities. In addition to keeping dependencies updated, it's important to remove any dependencies that are no longer being used.

  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo wpscan

    WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites.

    Project mention: How do I stop Spotify tracking my location and suggesting playlists based on where I am? | | 2021-08-18

    That is why I found the Parler breach so amusing... I heard those Nazis used glorified Wordpress - there's automated scanning tools for wordpress nowadays!!

  • GitHub repo Rack::Attack

    Rack middleware for blocking & throttling

    Project mention: Rails application boilerplate for fast MVP development | | 2021-08-06

    rack-attack to prevent bruteforce and DDoS attacks

  • GitHub repo WhatWeb

    Next generation web scanner

    Project mention: The most important step in hacking - Enumeration | | 2021-07-12


  • GitHub repo SecureHeaders

    Manages application of security headers with many safe defaults

    Project mention: Rails application boilerplate for fast MVP development | | 2021-08-06

    add secure_headers

  • GitHub repo Portus

    Authorization service and frontend for Docker registry (v2)

    Project mention: Suggestions for self hosted container registries? | | 2021-08-03
  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo inspec

    InSpec: Auditing and Testing Framework

    Project mention: Checking compliance of controls? Job help | | 2021-09-17
  • GitHub repo bundler-audit

    Patch-level verification for Bundler

  • GitHub repo cocoapods-keys

    A key value store for storing per-developer environment and application keys

    Project mention: Where to store API keys without server access | | 2021-02-21
  • GitHub repo RbNaCl

    Ruby FFI binding to the Networking and Cryptography (NaCl) library (a.k.a. libsodium)

  • GitHub repo cfn_nag

    Linting tool for CloudFormation templates

    Project mention: CloudFormation Best Practices | | 2021-01-05

    cfn_nag is an open source command-line tool that performs static analysis of CloudFormation templates. It will search for insecure infrastructure like:

  • GitHub repo invisible_captcha

    :honey_pot: Unobtrusive and flexible spam protection for Rails apps

    Project mention: Rails application boilerplate for fast MVP development | | 2021-08-06

    add invisible_captcha

  • GitHub repo Hashids

    A small Ruby gem to generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

  • GitHub repo dawnscanner

    Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

    Project mention: Rails application boilerplate for fast MVP development | | 2021-08-06

    test and add dawnscanner

  • GitHub repo krane

    Kubernetes RBAC static Analysis & visualisation tool

    Project mention: Visualising RBAC on Kubernetes | | 2021-06-07
  • GitHub repo devise-security

    A security extension for devise, meeting industrial standard security demands for web applications.

    Project mention: Rails application boilerplate for fast MVP development | | 2021-08-06

    add devise-security

  • GitHub repo cis-docker-benchmark

    CIS Docker Benchmark - InSpec Profile

  • GitHub repo Rack::UTF8Sanitizer

    Rack::UTF8Sanitizer is a Rack middleware which cleans up invalid UTF8 characters in request URI and headers.

  • GitHub repo opencspm

    Open Cloud Security Posture Management Engine

    Project mention: GitHub - OpenCSPM/opencspm: Open Cloud Security Posture Management Engine | | 2021-08-12
  • GitHub repo haiti

    :key: Hash type identifier (CLI & lib)

    Project mention: Haiti v1.2.2 release | | 2021-08-24
  • GitHub repo Fugacious

    OSSSM (awesome). Open source short-term secure messaging

  • GitHub repo Clamby

    ClamAV interface to your Ruby on Rails project.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-09-17.


What are some of the best open-source Security projects in Ruby? This list will help you:

Project Stars
1 Metasploit 25,079
2 Brakeman 6,206
3 wpscan 6,029
4 Rack::Attack 4,961
5 WhatWeb 3,329
6 SecureHeaders 2,918
7 Portus 2,869
8 inspec 2,405
9 bundler-audit 2,364
10 cocoapods-keys 1,471
11 RbNaCl 927
12 cfn_nag 923
13 invisible_captcha 890
14 Hashids 863
15 dawnscanner 652
16 krane 389
17 devise-security 355
18 cis-docker-benchmark 350
19 Rack::UTF8Sanitizer 262
20 opencspm 255
21 haiti 154
22 Fugacious 105
23 Clamby 91
Find remote jobs at our new job board There are 24 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives