Rails Code and Security Tools

rails_code_tools.md

Security Tools

Here are some actions to take on a regular basis to ensure the various dependencies in the codebase are kept clean from a security standpoint. Even better would be to schedule these tasks to run automatically via cron.

Security Scanners

Brakeman

• Static code analysis that searches for common issues.
• $ brakeman
• $ gem install brakeman to install
• http://brakemanscanner.org

Bundle Audit

• Searches the Gemfile.lock for gems that have open vulnerabilities.
• $ bundle-audit update && bundle-audit check
• https://github.com/rubysec/bundler-audit

Code Quality Analysis

Ruby Critic

• Combines the Reek, Flog, and Flay tools into a nice report.
• $ rubycritic
• $ gem install rubycritic
• https://github.com/whitesmith/rubycritic

Rails Best Practices

• Static code analysis that leverages the best practices tracked on their site
• $ rails-best-practices
• $ gem install rails_best_practices
• http://rails-bestpractices.com/

Find Unused Routes

• The traceroute gem adds a rake task that finds unreachable routes and actions.
• $ rake traceroute
• Add gem 'traceroute' in the development group of Gemfile to install
• https://github.com/amatsuda/traceroute

you might find a few additional tools here, like testing for component vulnerabilities (postgresql, etc.) or SQL injections...

https://hakiri.io/blog/ruby-security-tools-and-resources