• Tools
• Educational
• Other
• Contributing

• secure-headers - Manages application of security headers with many safe defaults.
• Rack::Attack - Middleware for blocking and throttling requests.

• hawkeye - Multi purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
• Salus - Multi purpose security scanning tool supporting Ruby, Node, Python and Go.
• GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
• Snyk - Continuously and automatically finds & fixes vulnerabilities for Ruby and other languages.

• brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications.
• rubocop-gitlab-security - A set of rules to extend rubocop with additional security rules.
• dawnscanner - A static analysis security scanner for ruby applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
• git-secrets - Prevents you from committing secrets and credentials into git repositories.
• DevSkim - DevSkim is a set of IDE plugins and rules that provide security "linting" capabilities. Also has support for CLI so it can be integrated into CI/CD pipeline.
• ban-sensitive-files - Checks filenames to be committed against a library of filename rules to prevent storing sensitive files in Git. Checks some files for sensitive contents (for example authToken inside .npmrc file).
• rails_best_practices - A static code analyzer for Ruby on Rails applications that finds - among other things - common patterns that might lead to security vulnerabilities.

• bundler-audit - Patch-level verification for Ruby apps.
• ruby-advisory-db - Open source database of security advisories that are relevant to Ruby libraries.
• GemScanner - GemScanner identifies depreciated versions of gems in your ruby on rails project.

• RailsGoat - A vulnerable version of Rails that follows the OWASP Top 10 http://railsgoat.cktricky.com .
• DeleteMe - Educational insecure Rails application.

• Rails Security Guides - The essentials to read when dealing with Rails Applications.
• Securing Ruby and Rails Apps - Applying static code analysis and dependency checking in your CI/CD pipeline.
• OWASP Ruby on Rails Cheatsheet - This Cheatsheet intends to provide quick basic Ruby on Rails security tips for developers. It complements, augments or emphasizes points brought up in the rails security guide from rails core.
• Rails security checklist - 🔑 Community-driven Rails Security Checklist.
• Attacking Ruby on Rails Applications - Phrack article by joernchen on finding security vulnerabilities in Rails applications.
• Zen Rails Security Checklist - A well-documented Rails security checklist.
• Rails security best practices - A good overview of usefull things to look out for when working with Rails.

• Security for Developers - Newsletter catering towards developers and covering many languages.

• Ruby Bug Bounty Program - Found a bug in the Ruby language? Report it there.
• Ruby Security Updates - Follow the latest security announcements.

Found an awesome project, package, article, other type of resources related to Ruby Security? Send me a pull request! Just follow the guidelines. Thank you!

say hi on Twitter