DESCRIPTION
LA-CONF 2013 talk http://2013.la-conf.org/ Developers always focus on their code, and almost never on the ecosystem around their app. Dependencies can quickly make an app vulnerable, because new security holes are discovered every day. As we can't read all the code of the libraries we use in a project, it is hard to determine what side effects this or that package could introduce. Last but not least, APIs evolve, and so do packages. Sometimes API versions are deprecated, and if you don't pay attention, your app could stop working one day without notice. Even worse, some packages simply stop being maintained, leaving no choice but to implement a replacement. That's why it's important to keep your projects in shape: the longer you wait to bring them up to date, the harder it will be. There are some tools out there to achieve this that every developer should know about: gemnasium (dependency monitoring, with security alerts on those dependencies), rubytoolbox (alternatives), brakeman (security scanner)
Keep your project in shape
LA-CONF 2013
Philippe Lafoucrière
@plafoucriere
I KNOW YOUR PROJECT
Project cycle of life
BORN
• Fun
• Exciting
• Fresh
LIVE
• Outdated
• Missing features
• Insecure
DIE
• Kill it!
• Start over
Pictures stolen from: https://peepcode.com/products/play-by-play-aaroncorey
I'm sorry
Software Maintenance Cost
(Chart: cost in $ against time; the cost climbs into a "danger zone" the longer maintenance is put off)
KEEP IT IN SHAPE!
Your Daily Training: Reading
Newsletters
Commits
News site
Changelogs
Twitter (?)
…
Tools
Gemnasium
Monitors your projects dependencies
Warns you about outdated gems
Sends security alerts on your projects
Changelog viewer
Decision helper about upgrading (coming soon)
Free for public projects
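As an added example (not the speaker's code and not Gemnasium's implementation), here is the check a dependency monitor performs, reduced to what runs offline: parse the `specs:` block of a `Gemfile.lock`, then compare each pinned version against an advisory list and a table of newest releases. The lockfile excerpt, the advisory entries and the "latest release" table are all constructed for this example and are assumed data, not real advisories; `Gem::Version` and `Gem::Requirement` from RubyGems do the version comparison.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement (part of RubyGems)

# Constructed Gemfile.lock excerpt for this example (not from any real project).
# Pinned specs sit at 4 spaces; their own dependencies, which carry requirements
# such as "~> 1.7" instead of pinned versions, sit at 6 spaces.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (1.7.6)
      nokogiri (1.5.9)
      rack (1.4.5)
      rails (3.2.12)
        json (~> 1.7)
        rack (~> 1.4.5)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rails
LOCK

# Constructed advisory feed (hypothetical entries, not real CVE records):
# gem name => list of vulnerable version ranges and the release that fixes them.
SAMPLE_ADVISORIES = {
  "rails" => [{ vulnerable: ["< 3.2.13"], fixed_in: "3.2.13", note: "constructed sample advisory" }],
  "json"  => [{ vulnerable: [">= 1.7.0", "< 1.7.7"], fixed_in: "1.7.7", note: "constructed sample advisory" }],
}.freeze

# Constructed stand-in for the rubygems.org index: newest known release per gem.
SAMPLE_LATEST = {
  "json" => "1.7.7", "nokogiri" => "1.5.9", "rack" => "1.5.2", "rails" => "3.2.13",
}.freeze

# Return { gem name => Gem::Version } for the pinned specs in a Gemfile.lock.
def parse_lockfile(text)
  locked = {}
  in_specs = false
  text.each_line do |line|
    if line.start_with?("  specs:")
      in_specs = true
    elsif line.strip.empty? || line !~ /\A\s/
      in_specs = false # blank line or a new top-level section (PLATFORMS, DEPENDENCIES)
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/))
      locked[m[1]] = Gem::Version.new(m[2]) # exactly 4 spaces: a pinned spec, not a sub-dependency
    end
  end
  locked
end

# Compare every locked gem against the advisories and the newest-release table.
# Returns one finding per vulnerable range matched and one per outdated gem.
def audit(locked, advisories, latest)
  findings = []
  locked.each do |name, version|
    (advisories[name] || []).each do |adv|
      next unless Gem::Requirement.new(*adv[:vulnerable]).satisfied_by?(version)
      findings << { gem: name, version: version.to_s, kind: :vulnerable,
                    fixed_in: adv[:fixed_in], note: adv[:note] }
    end
    newest = latest[name]
    if newest && Gem::Version.new(newest) > version
      findings << { gem: name, version: version.to_s, kind: :outdated,
                    fixed_in: newest, note: "newer release available" }
    end
  end
  findings.sort_by { |f| [f[:gem], f[:kind].to_s] }
end

# One line per finding, in the style of a CI log.
def report(findings)
  findings.map do |f|
    "#{f[:kind].to_s.upcase.ljust(10)} #{f[:gem]} #{f[:version]} -> #{f[:fixed_in]} (#{f[:note]})"
  end
end

if $PROGRAM_NAME == __FILE__
  puts report(audit(parse_lockfile(SAMPLE_LOCKFILE), SAMPLE_ADVISORIES, SAMPLE_LATEST))
end
```

A real monitor replaces the two constructed tables with an advisory feed and the rubygems.org index; the comparison logic stays the same. Two details matter when parsing the lockfile: the sub-dependency lines nested under a spec carry requirements rather than pinned versions, so they must be skipped, and the `specs:` block ends at the first blank line or top-level heading. On the sample above, `json` and `rails` are reported as both vulnerable and outdated, `rack` only as outdated, and `nokogiri` not at all.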
The Ruby Toolbox
Find alternatives for your deprecated gems
The right gem for the job
Lots of data
Free!
Brakeman Scanner gem
Scans your Rails app code and reports security issues
Run it every week/month!
Lots of known vulnerabilities
Your code is secure until it’s not anymore
Free and open-source
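As an added illustration of the kind of issue a scanner such as Brakeman reports (example code written for this page, not Brakeman's own implementation, which works on parsed code rather than regular expressions): a toy check for the classic Rails SQL injection pattern, a double-quoted query string with user input interpolated into it. It runs over a constructed controller excerpt that contains both the vulnerable form and the bind-parameter form that passes the check. The controller, the method list and the taint sources are assumptions made for the example.

```ruby
# Constructed Rails controller excerpt, written for this example (not real app code).
# `search` interpolates user input straight into SQL; `search_safe` passes it as a
# bind parameter instead, which is the fix a scanner report should point you to.
SAMPLE_CONTROLLER = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      @users = User.where("name LIKE '%#{params[:q]}%'")
    end

    def search_safe
      @users = User.where("name LIKE ?", "%#{params[:q]}%")
    end

    def show
      @user = User.find(params[:id])
    end
  end
RUBY

# ActiveRecord query methods whose first argument may be raw SQL (assumed list).
QUERY_METHODS = %w[where order group having select joins find_by_sql].freeze

# A query call whose first argument is a double-quoted string literal (captured).
QUERY_CALL = /\b(#{QUERY_METHODS.join("|")})\(\s*"((?:[^"\\]|\\.)*)"/

# Sources of attacker-controlled input in a Rails controller (assumed list).
TAINT = /\b(params|request|cookies)\b/

# Report every query string literal that interpolates tainted input.
# Returns [{ line:, method:, code: }, ...] with 1-based line numbers.
def scan_sql_interpolation(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    line.scan(QUERY_CALL) do |method, sql|
      # Only the SQL string itself is inspected: "name LIKE ?" followed by an
      # interpolated bind argument is the safe form and is not reported.
      next unless sql.include?('#{') && sql =~ TAINT
      findings << { line: lineno, method: method, code: line.strip }
    end
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  scan_sql_interpolation(SAMPLE_CONTROLLER).each do |f|
    puts "line #{f[:line]}: tainted SQL interpolation in #{f[:method]}: #{f[:code]}"
  end
end
```

On the sample, only line 3 (`search`) is reported. A check this simple misses input that reaches the query through a local variable or a helper, which is exactly why a real scanner tracks data flow through the parsed code instead of matching lines; the example shows the pattern, not the coverage.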
THANK YOU!
TOP 100 most downloaded gems
(Chart: changelog status of the top 100 most downloaded gems; values shown: 65%, 19%, 13%, 2%; legend: Valid, Outdated, No Changelog, Invalid, No source)
Source: http://goo.gl/qozgh (shared gdocs)
Links
Tools presented: https://gemnasium.com https://www.ruby-toolbox.com/ http://brakemanscanner.org/
Other useful tools: https://github.com/metricfu/metric_fu/ https://github.com/colszowka/simplecov http://travis-ci.org/
About me: https://github.com/gravis https://twitter.com/plafoucriere