[LRUG] Keeping track of new security vulnerabilities?

Joel Chippindale joel.chippindale at gmail.com
Wed Sep 25 06:30:09 PDT 2013

Thanks to all of you for your excellent suggestions.

Both bundler-audit [1] and brakeman [2] look very interesting and I am
certainly going to give them a go.


[1] https://github.com/rubysec/bundler-audit
[2] http://brakemanscanner.org/

On 20 September 2013 12:49, Chris Mear <chrismear at gmail.com> wrote:

> On 20 Sep 2013, at 10:21, Mark Burns <markthedeveloper at gmail.com> wrote:
> > Code climate provides a paid for security service. I'm not sure if it is
> any more comprehensive than the any others but it's at least another option
> to throw into the mix.
> I've tried this one. It's for Rails apps only, and AFAICT it's just
> running Brakeman for you:
> http://brakemanscanner.org
> Which is not to say the service doesn't add some potentially handy
> features: email notifications, tracking of individual problems until they
> are fixed, easy marking of false-positives, automatic ticket creation... I
> just didn't personally find those worth the entry fee.
> Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20130925/e26cdf11/attachment-0003.html>

More information about the Chat mailing list