rdlugosz/rails_code_tools.md

Last active July 14, 2017 00:48

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/rdlugosz/498ba8b9c2794480ae63.js"></script>
Save rdlugosz/498ba8b9c2794480ae63 to your computer and use it in GitHub Desktop.

Download ZIP

Rails Code and Security Tools

Raw

rails_code_tools.md

Security Tools

Here are some actions to take on a regular basis to ensure the various dependencies in the codebase are kept clean from a security standpoint. Even better would be to schedule these tasks to run automatically via cron.

Security Scanners

Brakeman

Static code analysis that searches for common issues.
$ brakeman
$ gem install brakeman to install
http://brakemanscanner.org

Bundle Audit

Searches the Gemfile.lock for gems that have open vulnerabilities.
$ bundle-audit update && bundle-audit check
https://github.com/rubysec/bundler-audit

Code Quality Analysis

Ruby Critic

Combines the Reek, Flog, and Flay tools into a nice report.
$ rubycritic
$ gem install rubycritic
https://github.com/whitesmith/rubycritic

Rails Best Practices

Static code analysis that leverages the best practices tracked on their site
$ rails-best-practices
$ gem install rails_best_practices
http://rails-bestpractices.com/

Find Unused Routes

The traceroute gem adds a rake task that finds unreachable routes and actions.
$ rake traceroute
Add gem 'traceroute' in the development group of Gemfile to install
https://github.com/amatsuda/traceroute

neurogenesis commented Oct 27, 2015

you might find a few additional tools here, like testing for component vulnerabilities (postgresql, etc.) or SQL injections...

https://hakiri.io/blog/ruby-security-tools-and-resources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment