GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → appfolio → Gemsurance

appfolio / Gemsurance

Licence: mit
Gem vulnerability checker using rubysec/ruby-advisory-db

Programming Languages

ruby
36898 projects - #4 most used programming language

Labels

vulnerabilitygem

Projects that are alternatives of or similar to Gemsurance

vrt-ruby
Ruby library for interacting with Bugcrowd's VRT
Stars: ✭ 15 (-92.75%)
Mutual labels:  gem, vulnerability
Api Fuzzer
API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
Stars: ✭ 238 (+14.98%)
Mutual labels:  gem, vulnerability
Vulnix
Vulnerability (CVE) scanner for Nix/NixOS.
Stars: ✭ 161 (-22.22%)
Mutual labels:  vulnerability
Wavefile
A Ruby gem for reading and writing sound files in Wave format (*.wav)
Stars: ✭ 193 (-6.76%)
Mutual labels:  gem
Adapt
ADAPT is a tool that performs automated Penetration Testing for WebApps.
Stars: ✭ 179 (-13.53%)
Mutual labels:  vulnerability
Js Vuln Db
A collection of JavaScript engine CVEs with PoCs
Stars: ✭ 2,087 (+908.21%)
Mutual labels:  vulnerability
Dvhma
Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.
Stars: ✭ 180 (-13.04%)
Mutual labels:  vulnerability
Burp Retire Js
Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
Stars: ✭ 157 (-24.15%)
Mutual labels:  vulnerability
Arctic admin
Responsive Theme for ActiveAdmin
Stars: ✭ 201 (-2.9%)
Mutual labels:  gem
Instagram Crawler
Crawl instagram photos, posts and videos for download.
Stars: ✭ 178 (-14.01%)
Mutual labels:  gem
Howtohunt
Tutorials and Things to Do while Hunting Vulnerability.
Stars: ✭ 2,996 (+1347.34%)
Mutual labels:  vulnerability
Godnslog
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
Stars: ✭ 172 (-16.91%)
Mutual labels:  vulnerability
Javalearnvulnerability
Java漏洞学习笔记 Deserialization Vulnerability
Stars: ✭ 160 (-22.71%)
Mutual labels:  vulnerability
Ougai
A Ruby structured logging is capable of handling a message, custom data or an exception easily and generates JSON or human readable logs.
Stars: ✭ 187 (-9.66%)
Mutual labels:  gem
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1013.53%)
Mutual labels:  vulnerability
Papers
SlowMist Vulnerability Research Advisories
Stars: ✭ 197 (-4.83%)
Mutual labels:  vulnerability
Zeebsploit
web scanner - exploitation - information gathering
Stars: ✭ 159 (-23.19%)
Mutual labels:  vulnerability
Cve Check Tool
Original Automated CVE Checking Tool
Stars: ✭ 172 (-16.91%)
Mutual labels:  vulnerability
Avpwn
List of real-world threats against endpoint protection software
Stars: ✭ 179 (-13.53%)
Mutual labels:  vulnerability
Squid
A Ruby library to plot charts in PDF files
Stars: ✭ 205 (-0.97%)
Mutual labels:  gem
View All Similar Projects ➔

Build Status Gem Version Code Climate

Gemsurance: Insurance for your Gems

Gemsurance is a tool for monitoring if any of your Ruby Gems are out-of-date or vulnerable. It uses Bundler and the Ruby Advisory Database to do so. It's similar to bundler-audit, but outputs an HTML report and determines which gems are out-of-date as well.

Getting started

To install Gemsurance, add

gem 'gemsurance'

to your Gemfile and run bundle install.

Use gemsurance by running

bundle exec gemsurance [options]

from the directory containing the Gemfile whose gems you wish to check.

This will output an HTML file (named gemsurance_report.html by default) in the current directory containing a report of your gem status: which gems are out-of-date and which gems have reported vulnerabilities in the Ruby Advisory Database. The Ruby Advisory Database git repo will be checked out into tmp/vulnerabilities relative to the working directory.

Example Gemsurance report

Gems that are up-to-date are colored green and gems that are out-of-date but without reported vulnerabilities are colored yellow. Vulnerable gems are colored red, and information about the vulnerability and versions with a patch for the issue is displayed in the rightmost column.

Gemsurance exits with code 0 if there are no gems with reported vulnerabilities and code 1 if there are any such gems.

Integration into a Rails RSpec suite

Running the gemsurance check as part of your RSpec test suite will cause an RSpec failure whenever a gem with a known vulnerability is detected in your application. This is incredibly useful if your application is tested regularly by a CI build. You can set this up by adding sample_spec/gemsurance_spec.rb to your RSpec tests.

Command-line options

Command-line options to the gemsurance executable are as follows:

  • --pre: Consider pre-release gem versions
  • --output FILE: Output report to specified file
  • --whitelist FILE: Read whitelist from file. Defaults to .gemsurance.yml
  • --format FORMAT: Output report to specified format (html, csv, & yml available). Html by default.

The whitelist must be in the format

---
nokogiri:
  CVE-2015-1819:
    - 1.5.9
    - 1.6.0
  OSVDB-101179:
    - 1.5.6
    - 1.6.0

TODOs

  • Support Git versions of gems
  • Formatting as JSON

Contributing

Contributions are always welcome. Please fork the repo and create a pull request or create an issue.

Acknowledgements

Thanks to Bundler and the Ruby Advisory Database, upon which Gemsurance is based.

License

MIT License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].