Runs multiple audit and review tools to ensure quality and security of Rails projects
gem install rails-audit
rails-audit
Minor versions of the audit tools are fixed for a specific version of this gem. Apart from bug fixes in those tools, the code audit results should thus not vary if a specific version of this gem is included in a project's bundle.
Additional parameters can be passed to any audit's binary by using a config/audit.yml file. A configuration for cane could look like the following:
Cane:
Parameters: '--style-measure 120 --no-doc'
This can also be used to extend the command and e.g. redirect the output. (WARNING: This has obvious security implications, since the parameter string is handed to the audit's command line.) Suppressing the license_finder spinner, which is a good idea in CI, would work like this:
LicenseFinder:
Parameters: '>/dev/null'
The audits' names are camel cased in the configuration file. They may be disabled like this:
BundleAudit:
Enabled: false
Rails support may be disabled. Only pure Ruby audits are then executed:
Rails: false
To improve output at the expense of time, concurrency can be disabled:
Concurrency: false
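The following is an added example, not code from the rails-audit gem, that shows why passing '>/dev/null' through Parameters has security implications: the value is only a redirection if it reaches a shell, and the same mechanism would let any string in config/audit.yml become a shell command. The snippet loads a constructed config/audit.yml, honours the Enabled/Parameters keys as the README describes them, builds each audit's command as an argv array (so it can be executed without a shell), and flags Parameters values that contain shell metacharacters. The AUDIT_BINARIES mapping and all function names are assumptions for illustration.

```ruby
require 'yaml'
require 'shellwords'

# Constructed sample config/audit.yml following the README's layout
# (assumption: illustrative only, not the gem's own fixture).
SAMPLE_AUDIT_YML = <<~YAML
  Cane:
    Parameters: '--style-measure 120 --no-doc'
  LicenseFinder:
    Parameters: '>/dev/null'
  BundleAudit:
    Enabled: false
  Rails: false
  Concurrency: false
YAML

# Hypothetical mapping from the camel-cased config names to audit binaries.
AUDIT_BINARIES = {
  'Cane' => 'cane',
  'LicenseFinder' => 'license_finder',
  'BundleAudit' => 'bundle-audit'
}.freeze

# Characters that only carry meaning for a shell: redirection, pipes,
# command separators and command substitution. A Parameters value that
# contains them is relying on shell interpretation of the config file.
SHELL_METACHARS = /[<>|;&`$()]/.freeze

def load_audit_config(yaml_text)
  YAML.safe_load(yaml_text) || {}
end

# An audit is enabled unless its section explicitly sets Enabled: false.
def audit_enabled?(config, audit_name)
  section = config[audit_name]
  return true unless section.is_a?(Hash)
  section.fetch('Enabled', true) != false
end

def shell_metachars?(params)
  !(params =~ SHELL_METACHARS).nil?
end

# Returns the argv array for one audit, or nil when it is disabled.
# Shellwords.split turns the Parameters string into discrete arguments, so
# running the array form of Kernel#system passes '>/dev/null' literally to
# the binary instead of letting a shell redirect its output.
def build_argv(config, audit_name)
  return nil unless audit_enabled?(config, audit_name)
  binary = AUDIT_BINARIES.fetch(audit_name)
  section = config[audit_name]
  params = section.is_a?(Hash) ? section.fetch('Parameters', '') : ''
  [binary, *Shellwords.split(params.to_s)]
end

# Names of audits whose Parameters would change meaning under a shell.
def risky_audits(config)
  config.select do |_name, section|
    section.is_a?(Hash) && shell_metachars?(section['Parameters'].to_s)
  end.keys
end

if $PROGRAM_NAME == __FILE__
  cfg = load_audit_config(SAMPLE_AUDIT_YML)
  AUDIT_BINARIES.each_key do |name|
    argv = build_argv(cfg, name)
    puts argv ? "#{name}: #{argv.inspect}" : "#{name}: disabled"
  end
  puts "Parameters relying on shell interpretation: #{risky_audits(cfg).inspect}"
end
```

Running it lists Cane with its style arguments, LicenseFinder with a literal '>/dev/null' argument, BundleAudit as disabled, and LicenseFinder as the one audit whose Parameters only make sense if a shell sees them. A CI check that refuses config/audit.yml entries matching SHELL_METACHARS is a cheap way to keep the config file from doubling as a command-execution channel.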
Brakeman is a security scanner for Rails.
bundler-audit checks Gemfile.lock for any insecure gem versions.
Cane is a code quality checker. Configuration is done by parameters.
Consistency Fail detects missing unique indexes in Rails projects.
License Finder checks Gemfiles for any dependencies with unapproved licenses. Approval and whitelisting is done through the license_finder binary.
rails_best_practices checks code for violations of the Rails Best Practices list. Configuration is done in the rails_best_practices.yml file, which can be generated using rails_best_practices -g.
Rubocop checks code for violations of the Ruby Style Guide. Configuration is done in the .rubocop.yml file. Rails cops are included automatically depending on whether or not Rails audits are enabled.
FAQs
We found that rails-audit demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.