Interact with the macOS Keychain
Official AWS Ruby gem for AWS SecurityHub. This gem is part of the AWS SDK for Ruby.
Microsoft Azure Security Management Client Library for Ruby
Official AWS Ruby gem for Amazon Security Lake. This gem is part of the AWS SDK for Ruby.
An enterprise security extension for devise.
An enterprise security extension for devise, trying to meet industrial standard security demands for web applications.
A secure, non-evaling end user template engine with aesthetic markup.
Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling passwords.
InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification. Packaged distributions of Progress® Chef® products obtained from RubyGems are made available pursuant to the Progress Chef EULA at https://www.chef.io/end-user-license-agreement, unless there is an executed agreement in effect between you and Progress that covers the Progress Chef products ("Master Agreement"), in which case the Master Agreement shall govern. Source code obtained from the Chef GitHub repository is made available under Apache-2.0, a copy of which is included.
Security Command Center API provides access to temporal views of assets and findings within an organization.
InSpec provides a framework for creating end-to-end infrastructure tests. You can use it for integration or even compliance testing. Create fully portable test profiles and use them in your workflow to ensure stability and security. Integrate InSpec in your change lifecycle for local testing, CI/CD, and deployment verification. This has local support only. See the `inspec` gem for full support. Packaged distributions of Progress® Chef® products obtained from RubyGems are made available pursuant to the Progress Chef EULA at https://www.chef.io/end-user-license-agreement, unless there is an executed agreement in effect between you and Progress that covers the Progress Chef products ("Master Agreement"), in which case the Master Agreement shall govern. Source code obtained from the Chef GitHub repository is made available under Apache-2.0, a copy of which is included.
== DESCRIPTION:
The RightScale AWS gems have been designed to provide a robust, fast, and secure interface to Amazon EC2, EBS, S3, SQS, SDB, and CloudFront. These gems have been used in production by RightScale since late 2006 and are being maintained to track enhancements made by Amazon. The RightScale AWS gems comprise:
- RightAws::Ec2 -- interface to Amazon EC2 (Elastic Compute Cloud) and the associated EBS (Elastic Block Store)
- RightAws::S3 and RightAws::S3Interface -- interface to Amazon S3 (Simple Storage Service)
- RightAws::Sqs and RightAws::SqsInterface -- interface to first-generation Amazon SQS (Simple Queue Service) (API version 2007-05-01)
- RightAws::SqsGen2 and RightAws::SqsGen2Interface -- interface to second-generation Amazon SQS (Simple Queue Service) (API version 2008-01-01)
- RightAws::SdbInterface and RightAws::ActiveSdb -- interface to Amazon SDB (SimpleDB)
- RightAws::AcfInterface -- interface to Amazon CloudFront, a content distribution service
== FEATURES:
- Full programmatic access to EC2, EBS, S3, SQS, SDB, and CloudFront.
- Complete error handling: all operations check for errors and report complete error information by raising an AwsError.
- Persistent HTTP connections with robust network-level retry layer (using RightHttpConnection). This includes socket timeouts and retries.
- Robust HTTP-level retry layer. Certain (user-adjustable) HTTP errors returned by Amazon's services are classified as temporary errors. These errors are automatically retried using exponentially increasing intervals. The number of retries is user-configurable.
- Fast REXML-based parsing of responses (as fast as a pure Ruby solution allows).
- Uses libxml (if available) for faster response parsing.
- Support for large S3 list operations. Buckets and key subfolders containing many (> 1000) keys are listed in entirety. Operations based on list (like bucket clear) work on arbitrary numbers of keys.
- Support for streaming GETs from S3, and streaming PUTs to S3 if the data source is a file.
- Support for single-threaded usage, multithreaded usage, as well as usage with multiple AWS accounts.
- Support for both first- and second-generation SQS (API versions 2007-05-01 and 2008-01-01). These versions of SQS are not compatible.
- Support for signature versions 0 and 1 on SQS, SDB, and EC2.
- Interoperability with any cloud running Eucalyptus (http://eucalyptus.cs.ucsb.edu)
- Test suite (requires AWS account to do "live" testing).
Add easily configured security headers to responses including content-security-policy, x-frame-options, strict-transport-security, etc.
Pronto runs analysis quickly by checking only the relevant changes. Created to be used on pull requests, but suited for other scenarios as well. Perfect if you want to find out quickly if a branch introduces changes that conform to your styleguide, are DRY, don't introduce security holes and more.
HTTP::Cookie is a Ruby library to handle HTTP Cookies based on RFC 6265. It is designed with security, standards compliance and compatibility in mind, to behave just the same as today's major web browsers. It has builtin support for the legacy cookies.txt and the latest cookies.sqlite formats of Mozilla Firefox, and its modular API makes it easy to add support for a new backend store.
The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
Official AWS Ruby gem for AWS IoT Secure Tunneling. This gem is part of the AWS SDK for Ruby.
TorqueBox Security Gem
HexaPDF is a pure Ruby library with an accompanying application for working with PDF files. In short, it allows creating new PDF files, manipulating existing PDF files, merging multiple PDF files into one, extracting meta information, text, images and files from PDF files, securing PDF files by encrypting them and optimizing PDF files for smaller file size or other criteria. HexaPDF was designed with ease of use and performance in mind. It uses lazy loading and lazy computing when possible and tries to produce small PDF files by default.
The win32-security library provides an interface for dealing with security related aspects of MS Windows, such as SIDs, ACLs and ACEs.
Provides an API and a command line tool to access the OS X Keychain. The command line tool isn't actually useful (use `security` instead), but demonstrates the usage quite well.
Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud.
Rodauth is Ruby's most advanced authentication framework, designed to work in all rack applications. It's built using Roda and Sequel, but it can be used as middleware in front of web applications that use other web frameworks and database libraries. Rodauth aims to provide strong security for password storage by utilizing separate database accounts if possible on PostgreSQL, MySQL, and Microsoft SQL Server. Configuration is done via a DSL that makes it easy to override any part of the authentication process. Rodauth supports typical authentication features, such as login and logout, changing logins and passwords, and creating, verifying, unlocking, and resetting passwords for accounts. Rodauth also supports many advanced authentication features: secure password storage using security definer database functions; multiple primary multifactor authentication methods (WebAuthn and TOTP), as well as backup multifactor authentication methods (SMS and recovery codes); passwordless authentication using email links and WebAuthn authenticators; and both standard HTML form and JSON API support for all features.
Building Web Service Security
A Ruby API to nmap, the exploration tool and security / port scanner. Allows automating nmap and parsing nmap XML files.
Role-based authorization system for Rails with a concise DSL for securing your Rails application. Acl9 makes it easy to get security right for your app, the access control code sits right in your controller, the syntax is very easy to understand, and acl9 makes it easy to test your access rules.
Official AWS Ruby gem for Amazon CodeGuru Security. This gem is part of the AWS SDK for Ruby.
Official AWS Ruby gem for AWS Security Token Service (STS). STS is included as part of aws-sdk-core - this gem is an alias for loading aws-sdk-core.
Basic security checking for Ruby files. A plugin for the RuboCop code style enforcing & linting tool.
Security Command Center API provides access to temporal views of assets and findings within an organization. Note that google-cloud-security_center-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-security_center instead. See the readme for more details.
Dawn is a security source code scanner for Ruby-powered code. It is especially designed for web applications, but it also works with general-purpose Ruby scripts. Dawn supports all major MVC frameworks like Ruby on Rails, Padrino and Sinatra; it provides more than 680 security checks, each with its own mitigation suggestion.
WS Security XML signer
Securely search encrypted database fields
Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. Note that google-cloud-secret_manager-v1beta1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-secret_manager instead. See the readme for more details.
Secret Manager is a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage, access, and audit secrets across Google Cloud. Note that google-cloud-secret_manager-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-secret_manager instead. See the readme for more details.
Subscription Billing - Simple. Secure. Affordable. More details at www.chargebee.com.
Interface for secure random number generator.
Ruby is an excellent programming language for creating and managing custom DSLs, but how can you securely evaluate a DSL while explicitly controlling the methods exposed to the user? Our good friends instance_eval and instance_exec are great, but they expose all methods - public, protected, and private - to the user. Even worse, they expose the ability to accidentally or intentionally alter the behavior of the system! The cleanroom pattern is a safer, more convenient, Ruby-like approach for limiting the information exposed by a DSL while giving users the ability to write awesome code!
HasSecureToken provides you with an easy way to generate unique random tokens for any model in Ruby on Rails. **SecureRandom::base58** is used to generate the 24-character unique token, so collisions are highly unlikely.
sekrets is a command line tool and library used to securely manage encrypted files and settings in your Rails applications and git repositories.
RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version. It complements bundler-audit, providing complete coverage for your Ruby stack.
Security Command Center API provides access to temporal views of assets and findings within an organization. Note that google-cloud-security_center-v1p1beta1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-security_center instead. See the readme for more details.
Execute shell commands and get the resulting output, but without the security problems of Ruby’s backtick operator.
Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filtering IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning for web vulnerabilities, spidering websites, installing 3rd-party repositories of exploits and/or payloads, running exploits, developing new exploits, managing local databases, fuzzing data, performing recon, and much more.
Ruby implementation of Nanoid, secure URL-friendly unique ID generator
Rex provides a variety of classes useful for security testing and exploit development.
Securely encode and decode short pieces of arbitrary binary data in URLs.