awesome-rails-security
github.com/0xedward/awesome-rails-security
A curated list of security resources for a Ruby on Rails application
What's inside
Resources
- Attacking Ruby on Rails Applications (Additional Reading)
- Checkmarx - Codebashing (Labs - Vulnerable Applications)
Lessons on common vulnerabilities implemented in Rails. Lessons on SQL Injection, XXE and Stored XSS are free.
- DeleteMe (Labs - Vulnerable Applications)
Educational insecure Rails application
- Fixing Command Injection Vulnerabilities in Ruby/Rails (Additional Reading)
- Fixing File Access Vulnerabilities in Ruby/Rails (Additional Reading)
- Fixing SQL Injection Vulnerabilities in Ruby/Rails (Additional Reading)
Gems
- AuthLogic (Authentication and OAuth)
An unobtrusive Ruby authentication library based on ActiveRecord
- Brakeman (Static Code Analysis)
A static analysis security vulnerability scanner for Ruby on Rails applications
- bundler-audit (Static Code Analysis)
Patch-level verification for Bundler
- CanCanCan (Authorization)
An authorization library for Ruby and Ruby on Rails which restricts what resources a given user is allowed to access.
- CarrierWave (File Upload)
A gem that provides a simple and extremely flexible way to upload files from Ruby applications
- dawnscanner (Static Code Analysis)
A source code scanner designed to review your Ruby code for security issues
Tools
- git-secrets (Static Code Analysis)
Prevents you from committing passwords and other sensitive information to a git repository
- GuardRails (Static Code Analysis)
Continuous security feedback for your GitHub repositories
- Hakiri (Static Code Analysis)
Hakiri monitors Ruby apps for dependency and code security vulnerabilities
- Hawkeye scanner-cli (Static Code Analysis)
A project security, vulnerability and general risk highlighting tool
- rails_best_practices (Static Code Analysis)
A code metric tool to check the quality of Rails code
- Report URI (Logging and Monitoring)
Reporting Bugs
Security Vulnerability Advisories
- Ruby-Lang - Security
A newsfeed for security vulnerabilities in the Ruby programming language
- Ruby on Rails: Security
A mailing list to get security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects
- ruby-security-ann
Another mailing list to get security announcements for Ruby, Rails, Rubygems, Bundler, and other Ruby ecosystem projects
- Snyk - Vulnerability DB
Vulnerability DB
Showing a sample of 69 resources. View the full list on GitHub.