1

Using Brakeman

One of the tools I learned about at Ekoparty was Brakeman, an open-source vulnerability scanner which does static analysis of Ruby on Rails applications’ code to find security issues. It’s a gem, so installing it is straightforward:

Polishing a gem

Since Watu is an application written using Ruby on Rails, we use a lot of gems. A couple of weeks ago I found a bug in one of these gems. In this situation, the common action is to fix the bug and provide a patch upstream. The problem was that the gem was really out of shape: tests were red, there …

Run bundler-audit during testing

There’s a gem called bundler-audit that checks whether any of the gems in your project have open security advisors against them. A year or so ago there was an infamous month in which Rails itself got three of those. It was terrible and I think bundler-audit is a good idea. My only problem with it is having to remember to …

random_unique_id version 1.0.0 released

The core of random_unique_id was developed for Watu very early on, which means that it has been used in production for more than two years and a few thousands millions of records. It’s been released as a gem and we had a few iterations. It has 100% code coverage, code climate rating 4.0, 100% documentation coverage, a running continuous integration testing for …