Pronto runner for Brakeman, security vulnerability scanner for RoR
Sysrandom generates secure random numbers using /dev/urandom, getrandom(), etc.
Comfortable (seriously) white-list security restrictions for models on a field level
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart: it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false positives. Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application's cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly. Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX. Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high-performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
Add authentication to applications and secure services with Keycloak
Web Risk is an enterprise security product that lets your client applications check URLs against Google's constantly updated lists of unsafe web resources. Note that google-cloud-web_risk-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-web_risk instead. See the readme for more details.
Web Risk is an enterprise security product that lets your client applications check URLs against Google's constantly updated lists of unsafe web resources. Note that google-cloud-web_risk-v1beta1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-web_risk instead. See the readme for more details.
A secure, non-evaling end user template engine with aesthetic markup. Extended with liquid template inheritance for use in LocomotiveCMS
Simple but LOW security AES gem - OBSOLETE.
Placeholder by RubyGems security team
The saml2 library is yet another SAML library for Ruby, with an emphasis on _not_ re-implementing XML, especially XML Security, _not_ parsing via Regex or generating XML by string concatenation, _not_ serializing/re-parsing multiple times just to get it into the correct format to sign or validate.
Message forwarding over SSL with authentication
Simple, secure key management for Lockbox and attr_encrypted
Acmesmith is an [ACME (Automatic Certificate Management Environment)](https://github.com/ietf-wg-acme/acme) client that works perfectly in environments with multiple servers. This client saves certificates and keys on cloud services (e.g. AWS S3) securely, then allows you to deploy issued certificates onto your servers smoothly. This works well with [Let's Encrypt](https://letsencrypt.org).
codesake.com is an application security startup providing code review and penetration test services for Ruby powered web applications. codesake_commons is the gem containing common ground routines useful across the project
Core libraries required for the Ruby Exploitation (Rex) Suite. Rex provides a variety of classes useful for security testing and exploit development.
Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis. This version of the gem only requires the minimum number of dependencies. Use the 'brakeman' gem for a full install.
Hakiri is a CLI for hakiri.io—a cloud security platform for Ruby on Rails apps.
Using standard Gherkin language to define security tests, gauntlt happily wraps cucumber functionality and provides a security testing framework that security engineers, developers and operations teams can collaborate on together.
ronin-support is a support library for ronin-rb. ronin-support provides many Core Extensions to Ruby's built-in classes as well as its own Classes/Modules. ronin-support can be used by other Ruby libraries, tools, or scripts. It's like pwntools combined with activesupport. ronin-support is part of the ronin-rb project, a Ruby toolkit for security research and development.
This module allows Ruby programs to interface with "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)".
SecurityTrails API wrapper for Ruby
Adds MFA support to the AWS CLI and Ruby SDKs for normal IAM users
Prawn/Security adds document encryption, password protection, and permissions to Prawn.
Safely upload your dependency files to gemnasium.com to track dependencies and get notified about updates and security advisories. WARNING! This gem has been deprecated and support will be discontinued. Please use Gemnasium Toolbelt (https://github.com/gemnasium/toolbelt) instead.
securecompare borrows the secure_compare private method from ActiveSupport::MessageVerifier, which lets you safely compare strings without being vulnerable to timing attacks. Useful for Basic HTTP Authentication in your rack/rails application.
parses and validates your .travis.yml, fast and secure
A secure, non-evaling end user template engine with aesthetic markup.
Adds configurable password policy enforcement to devise.
Simple Authentication and Security Layer (RFC 4422)
This engine is implemented with the premise that services like logging, tracing and encryption would likely already exist in many organizations, so they are factored here so they can easily be re-implemented. There are default implementations here, and we track several excellent Rails projects as potential implementations of services like security and content/digital asset mgt.
Codesake::Dawn is a security source code scanner for Ruby-powered code. Starting from January 07, 2015 this gem is renamed to dawnscanner and this version is no longer supported. Please upgrade your Gemfile.
Certificate Authority Service is a highly available, scalable Google Cloud service that enables you to simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA). Note that google-cloud-security-private_ca-v1beta1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-security-private_ca instead. See the readme for more details.
Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis. This package declares gem dependencies instead of bundling them.
Web Security Scanner scans your Compute and App Engine apps for common web vulnerabilities. Note that google-cloud-web_security_scanner-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-web_security_scanner instead. See the readme for more details.
Rails signed form security
Piculet is a tool to manage EC2 Security Groups. It defines the state of EC2 Security Groups using a DSL, and updates the EC2 Security Groups according to that DSL.
Web Security Scanner scans your Compute and App Engine apps for common web vulnerabilities. Note that google-cloud-web_security_scanner-v1beta is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-web_security_scanner instead. See the readme for more details.
Certificate Authority Service is a highly available, scalable Google Cloud service that enables you to simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA). Note that google-cloud-security-private_ca-v1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-security-private_ca instead. See the readme for more details.
Simple, secure sessions for Sinatra
Escher helps you create secure HTTP requests (for APIs) by signing HTTP(S) requests.
Plugin adds authentication methods to Sequel models using BCrypt library.
ronin-web is a Ruby library that provides common web security commands and additional libraries.
For use with Sinatra + Monk + OHM
With this SDK, you can seamlessly integrate GroupDocs’ document collaboration tools into your Ruby web or mobile application. The tools enable end users to view, securely share, collaboratively annotate, e-sign, assemble, convert and compare over 50 common document and image types (including PDF, Microsoft Office and CAD), all from within your Ruby application and without having to install any office suites or browser plugins. For more details, please visit: http://groupdocs.com/cloud/total-api
guard + bundler-audit = security
Sym is a Ruby library (gem) that offers both a command line interface (CLI) and a set of rich Ruby APIs, which make it rather trivial to add encryption and decryption of sensitive data to your development or deployment workflow. For additional security the private key itself can be encrypted with a user-generated password. For decryption using the key, the password can be input via STDIN, defined by an ENV variable, or read from an OS X Keychain entry. Unlike many other existing encryption tools, Sym focuses on getting out of your way by offering a streamlined interface with password caching (if MemCached is installed and running locally) in hopes of making encryption of application secrets nearly completely transparent to developers. Sym uses symmetric 256-bit key encryption with the AES-256-CBC cipher, the same cipher as used by the US Government. For password-protecting the key Sym uses the AES-128-CBC cipher. The resulting data is zlib-compressed and base64-encoded. The keys are also base64-encoded for easy copying/pasting/etc. Sym accomplishes encryption transparency by combining several convenient features: 1. Sym can read the private key from multiple source types, such as a pathname, an environment variable name, a keychain entry, or a CLI argument. You simply pass any of these to the -k flag — one flag that works for all source types. 2. By utilizing the OS X Keychain on a Mac, Sym offers a truly secure way of storing the key on a local machine, much more secure than storing it on a file system. 3. By using a local password cache (activated with -c) via an in-memory provider such as memcached, sym invocations take advantage of the password cache and only ask for a password once per configurable time period. 4. By using the SYM_ARGS environment variable, where common flags can be saved; this is activated with sym -A. 5. By reading the key from the default key source file ~/.sym.key, which requires no flags at all. 6. By utilizing the --negate option to quickly encrypt a regular file, or decrypt an encrypted file with the extension .enc. 7. By implementing the -t (edit) mode, which opens an encrypted file in your $EDITOR and replaces the encrypted version upon save & exit, optionally creating a backup. 8. By offering the Sym::MagicFile Ruby API to easily read encrypted files into memory. Please refer to the module documentation available here: https://www.rubydoc.info/gems/sym
Assured Workloads for Government secures government workloads and accelerates the path to running compliant workloads on Google Cloud. Note that google-cloud-assured_workloads-v1beta1 is a version-specific client library. For most uses, we recommend installing the main client library google-cloud-assured_workloads instead. See the readme for more details.
Checks puppet manifests for security related problems.
Command Mapper maps an external command's arguments to Class attributes to allow safely and securely executing commands.