[LRUG] Keeping track of new security vulnerabilities?

Joel Chippindale joel.chippindale at gmail.com
Wed Sep 25 06:30:09 PDT 2013


Thanks to all of you for your excellent suggestions.

Both bundler-audit [1] and brakeman [2] look very interesting and I am
certainly going to give them a go.

J.


[1] https://github.com/rubysec/bundler-audit
[2] http://brakemanscanner.org/



On 20 September 2013 12:49, Chris Mear <chrismear at gmail.com> wrote:

> On 20 Sep 2013, at 10:21, Mark Burns <markthedeveloper at gmail.com> wrote:
>
> > Code Climate provides a paid-for security service. I'm not sure if it is
> any more comprehensive than any others but it's at least another option
> to throw into the mix.
>
> I've tried this one. It's for Rails apps only, and AFAICT it's just
> running Brakeman for you:
>
> http://brakemanscanner.org
>
> Which is not to say the service doesn't add some potentially handy
> features: email notifications, tracking of individual problems until they
> are fixed, easy marking of false-positives, automatic ticket creation... I
> just didn't personally find those worth the entry fee.
>
> Chris
>
>
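
The tracking features Chris attributes to the paid service (following individual warnings until they are fixed, marking false positives) can be reproduced on top of plain Brakeman output. The script below is an added example, not code from this thread, from Brakeman or from Code Climate: it compares two Brakeman JSON reports by warning fingerprint and classifies each warning as new, fixed, still open, or ignored. It assumes Brakeman's JSON report format, where every warning carries a stable `fingerprint`; the two reports and the ignore list are constructed sample data.

```ruby
require 'json'

# Constructed sample Brakeman JSON reports (only the fields used here);
# real reports come from `brakeman -f json -o report.json`.
OLD_REPORT = <<~JSON
  {"warnings": [
    {"fingerprint": "aaa1", "warning_type": "SQL Injection", "file": "app/models/user.rb", "line": 12},
    {"fingerprint": "bbb2", "warning_type": "Mass Assignment", "file": "app/controllers/users_controller.rb", "line": 30}
  ]}
JSON
NEW_REPORT = <<~JSON
  {"warnings": [
    {"fingerprint": "bbb2", "warning_type": "Mass Assignment", "file": "app/controllers/users_controller.rb", "line": 31},
    {"fingerprint": "ccc3", "warning_type": "Cross-Site Scripting", "file": "app/views/users/show.html.erb", "line": 4}
  ]}
JSON
# Fingerprints a reviewer has marked as false positives (constructed list).
IGNORED = %w[bbb2].freeze

def warnings_by_fingerprint(json)
  JSON.parse(json).fetch('warnings').each_with_object({}) { |w, h| h[w.fetch('fingerprint')] = w }
end

# Classify every warning as :new (introduced since the last scan), :fixed
# (present before, gone now), :open (still there) or :ignored (false positive).
def triage(old_json, new_json, ignored = IGNORED)
  before = warnings_by_fingerprint(old_json)
  after  = warnings_by_fingerprint(new_json)
  {
    new:     after.reject { |fp, _| before.key?(fp) || ignored.include?(fp) }.values,
    fixed:   before.reject { |fp, _| after.key?(fp) }.values,
    open:    after.select { |fp, _| before.key?(fp) && !ignored.include?(fp) }.values,
    ignored: after.select { |fp, _| ignored.include?(fp) }.values
  }
end

# Non-zero when a scan introduces warnings nobody has reviewed yet,
# so a CI job can fail on regressions rather than on the known backlog.
def ci_exit_code(result)
  result[:new].empty? ? 0 : 1
end

if __FILE__ == $0
  result = triage(OLD_REPORT, NEW_REPORT)
  result.each do |state, warnings|
    warnings.each { |w| puts "#{state}: #{w['warning_type']} at #{w['file']}:#{w['line']} (#{w['fingerprint']})" }
  end
  puts "suggested exit status: #{ci_exit_code(result)}"
end
```

Keeping the previous report and the ignore list in version control gives the same per-warning history the hosted service offers, with false-positive decisions reviewable alongside the code.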

