I just released Codesake::Dawn version 1.2. Dawn is a source code scanner for security issues, designed to analyze web applications written in Ruby.
It supports Rails, Sinatra and Padrino and it has 180 security checks in its codebase.
Now I'm working to integrate the ruby_parser gem and to add in-depth Ruby code parsing and understanding, so as to also spot custom vulnerabilities introduced in the web application.
Right now it can spot only vulns introduced by the library versions you're using in your Gemfile.
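As an added illustration of the Gemfile-version style of check described above (example code written for this post, not Dawn's own implementation): it parses a constructed Gemfile.lock fragment and matches each locked gem against a constructed advisory table. The advisory IDs, gem names and version ranges are placeholders, not real bulletins.

```ruby
require 'rubygems'

# Constructed advisory table with placeholder entries (NOT Dawn's real checks):
# gem name => advisories, each with a vulnerable version range and the fixed version.
ADVISORIES = {
  'rails' => [
    { id: 'EXAMPLE-ADVISORY-1', vulnerable: ['>= 3.0.0', '< 3.2.11'], fixed: '3.2.11' }
  ],
  'rack' => [
    { id: 'EXAMPLE-ADVISORY-2', vulnerable: ['< 1.4.5'], fixed: '1.4.5' }
  ]
}.freeze

# Constructed Gemfile.lock fragment; only the "specs:" section is inspected.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rails (3.2.8)
        rack (= 1.4.1)
      sinatra (1.4.0)

  DEPENDENCIES
    rails
LOCK

# Parse top-level "name (version)" spec lines into { name => version }.
# Dependency lines are indented deeper and carry operators, so they are skipped.
def parse_lock(text)
  text.scan(/^\s{4}(\S+) \((\d[^)]*)\)$/).to_h
end

# Return one finding per (gem, advisory) pair whose locked version falls in the
# vulnerable range, together with the version to upgrade to.
def check_lock(text, advisories = ADVISORIES)
  parse_lock(text).flat_map do |name, version|
    locked = Gem::Version.new(version)
    (advisories[name] || [])
      .select { |a| Gem::Requirement.new(*a[:vulnerable]).satisfied_by?(locked) }
      .map { |a| { gem: name, version: version, id: a[:id], fixed: a[:fixed] } }
  end
end

if $PROGRAM_NAME == __FILE__
  check_lock(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:version]}: #{f[:id]} (upgrade to #{f[:fixed]})"
  end
end
```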
The codesake-dawn gem (which I wrote) and the brakeman scanner are the ones you're looking for. You can run them locally on your projects and get some remediation hints.
Hi there, I'm the man behind the codesake-dawn security scanner for Ruby code. It would be great to have some of you compare the results obtained with haikiri or other scanners against mine, just for the sake of reaching an enterprise-level tool.
After 9 months of development, it’s now time for the first major release of the Codesake::Dawn security source code scanner.
Codesake::Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.
Version 1.0 introduces 142 security checks against public bulletins since 2006, which you can use to check the vulnerabilities introduced by the third-party libraries your web application includes in its Gemfile.
Writing safe code is important, but sometimes security issues are introduced by third-party code your application relies on. As an example, consider a SQL injection vulnerability introduced by the Ruby on Rails framework. Despite the effort you spend sanitizing inputs, your web application inherits the vulnerability and suffers from it as well. An attacker can easily exploit it and break into your database unless you upgrade the offending gem.
There is a comprehensive set of command line flags; you can read more by issuing the dawn -h flag or by reading the project README file.
You can use the facilities provided by GitHub to submit bug reports, product enhancements, new security checks you want me to add in future releases, and even success stories.
Now it’s time for you to install Codesake::Dawn version 1.0.0 with the following command and start reviewing your code for security issues:
It would be great to have your feedback, here or in our Google group: https://groups.google.com/d/forum/codesake-dawn
Thank you, Paolo