rails-security-audits

Audit Rails applications for security vulnerabilities using Brakeman, Bundler Audit, and security best practices. Use when scanning for CVEs, setting up security checks, or implementing security headers.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "rails-security-audits" with this command: npx skills add shivamsinghchahar/rails-skills/shivamsinghchahar-rails-skills-rails-security-audits

Rails Security Audits

Identify and fix security vulnerabilities in Rails applications. This skill covers vulnerability scanning, dependency auditing, and security best practices.

Quick Start

Add security gems:

group :development, :test do
  gem 'brakeman', require: false
  gem 'bundler-audit', require: false
end

Run security scans:

# Static analysis of the application's own code (SQL injection, XSS, mass
# assignment, ...). Brakeman exits non-zero when it finds warnings, so a CI
# job running this fails on new findings.
bundle exec brakeman

# Audit Gemfile.lock against ruby-advisory-db for gems with known CVEs;
# --update refreshes the local advisory database before checking.
bundle exec bundler-audit check --update

# Refresh the advisory database on its own (e.g. from a scheduled job)
bundle exec bundler-audit update
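The scans above only help if CI acts on them. What follows is an added example, not part of this skill, of Brakeman or of bundler-audit: a small gate script that reads Brakeman's JSON report (bundle exec brakeman -f json -o tmp/brakeman.json), fails the build on warnings at or above a chosen confidence, and also fails when Brakeman reports parse errors, because files it could not parse were never scanned. The embedded report is a constructed sample shaped like Brakeman's JSON output (warnings carrying warning_type, confidence, file, line, message and fingerprint; errors carrying error and location), not real scan results; the script name and the Medium threshold are assumptions.

```ruby
#!/usr/bin/env ruby
# ci_security_gate.rb (hypothetical name): turn a Brakeman JSON report into a
# CI pass/fail decision. Usage after a scan:
#   bundle exec brakeman -f json -o tmp/brakeman.json
#   ruby ci_security_gate.rb tmp/brakeman.json
require "json"

# Brakeman tags each warning with a confidence of High, Medium or Weak.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Warnings at or above min_confidence, highest confidence first.
def blocking_warnings(report, min_confidence: "Medium")
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch("warnings", [])
        .select { |w| CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold }
        .sort_by { |w| [-CONFIDENCE_RANK.fetch(w["confidence"], 0), w["file"].to_s, w["line"].to_i] }
end

# Files Brakeman could not parse were never scanned, so a clean warning list
# is not meaningful while errors are present.
def scan_errors(report)
  report.fetch("errors", [])
end

# Counts per warning type, useful for tracking trends between builds.
def summary_by_type(report)
  report.fetch("warnings", []).each_with_object(Hash.new(0)) do |w, counts|
    counts[w["warning_type"]] += 1
  end
end

# One log line per warning; the fingerprint is what goes into
# config/brakeman.ignore once a finding has been reviewed and accepted.
def format_warning(w)
  "#{w['confidence'].ljust(6)} #{w['warning_type']} #{w['file']}:#{w['line']} " \
    "#{w['message']} (fingerprint #{w['fingerprint']})"
end

# true when the build may proceed, false when it must fail.
def gate(report, min_confidence: "Medium")
  errors = scan_errors(report)
  errors.each { |e| puts "scan error: #{e['error']} at #{e['location']}" }
  summary_by_type(report).sort.each { |type, n| puts "#{type}: #{n}" }
  blocking = blocking_warnings(report, min_confidence: min_confidence)
  blocking.each { |w| puts format_warning(w) }
  errors.empty? && blocking.empty?
end

# Constructed sample shaped like `brakeman -f json` output; not a real scan.
SAMPLE_REPORT = {
  "scan_info" => { "app_path" => "/srv/app", "rails_version" => "7.1.0" },
  "warnings" => [
    { "warning_type" => "SQL Injection", "confidence" => "High",
      "file" => "app/controllers/users_controller.rb", "line" => 12,
      "message" => "Possible SQL injection", "fingerprint" => "f1" },
    { "warning_type" => "Cross-Site Scripting", "confidence" => "Medium",
      "file" => "app/views/users/show.html.erb", "line" => 4,
      "message" => "Unescaped model attribute", "fingerprint" => "f2" },
    { "warning_type" => "Mass Assignment", "confidence" => "Weak",
      "file" => "app/controllers/admin_controller.rb", "line" => 30,
      "message" => "Parameters should be whitelisted for mass assignment", "fingerprint" => "f3" }
  ],
  "ignored_warnings" => [],
  "errors" => []
}.freeze

if __FILE__ == $PROGRAM_NAME
  if ARGV.empty?
    gate(SAMPLE_REPORT)   # demo run on the sample: prints the findings, returns false
  else
    exit(gate(JSON.parse(File.read(ARGV[0]))) ? 0 : 1)
  end
end
```

Run without arguments to see the sample report evaluated; in CI pass the path of the JSON report and use the exit status. Weak-confidence warnings are printed in the summary but do not block by default, which keeps the gate from training developers to ignore it; raise the threshold to High only for a legacy code base while its backlog is worked down.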

Set up security headers in Rails. The initializer below is a permissive starting point, not a finished policy: :unsafe_inline on script_src lets any inline script run, including one injected through XSS, so it removes most of the protection a CSP is meant to provide. Replace it with per-request nonces (config.content_security_policy_nonce_generator) or hashes once the application's inline scripts are accounted for:

# config/initializers/content_security_policy.rb
Rails.application.configure do
  config.content_security_policy do |policy|
    policy.default_src :self
    # :unsafe_inline here allows injected inline <script> blocks to execute;
    # prefer :self plus a nonce from config.content_security_policy_nonce_generator
    policy.script_src :self, :unsafe_inline
    # inline styles are lower risk, but the same nonce mechanism covers them
    policy.style_src :self, :unsafe_inline
  end
end
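A nonce-based policy is what the starting point above should become. The following added example (not part of this skill or of Rails) does two things: it spells out the header strings the permissive policy and a per-request nonce policy send to the browser, and it parses any Content-Security-Policy header and reports the script-src weaknesses a reviewer looks for, treating 'unsafe-inline' as harmless when a nonce or hash is also present because CSP2-aware browsers then ignore it. The header strings are constructed, the helper names and script name are mine, and the Rails options named in comments (content_security_policy_nonce_generator, content_security_policy_nonce_directives) are the real configuration keys.

```ruby
#!/usr/bin/env ruby
# csp_check.rb (hypothetical name): inspect the script-src of a
# Content-Security-Policy header for sources that defeat XSS mitigation.
require "securerandom"

# "directive src src; directive src" -> { "directive" => ["src", "src"] }
def parse_csp(header)
  header.split(";").each_with_object({}) do |part, policy|
    tokens = part.strip.split(/\s+/)
    next if tokens.empty?
    name, *sources = tokens
    policy[name.downcase] = sources
  end
end

# script-src governs scripts; when absent, browsers fall back to default-src.
def effective_script_sources(policy)
  policy["script-src"] || policy["default-src"] || []
end

# Findings for the script directive, in the words a reviewer would use.
def script_findings(header)
  sources = effective_script_sources(parse_csp(header))
  if sources.empty?
    return ["no script-src or default-src: inline and remote scripts are unrestricted"]
  end
  nonce_or_hash = sources.any? { |s| s.match?(/\A'(nonce-|sha(256|384|512)-)/) }
  findings = []
  # CSP2+ browsers ignore 'unsafe-inline' when a nonce or hash is present,
  # so that combination is a compatibility fallback rather than a hole.
  if sources.include?("'unsafe-inline'") && !nonce_or_hash
    findings << "'unsafe-inline' without nonce or hash: injected inline scripts execute"
  end
  if sources.include?("'unsafe-eval'")
    findings << "'unsafe-eval': eval and new Function accepted"
  end
  findings << "'*': scripts may be loaded from any origin" if sources.include?("*")
  if sources.include?("'strict-dynamic'") && !nonce_or_hash
    findings << "'strict-dynamic' has no effect without a nonce or hash"
  end
  findings
end

# What the quick-start initializer above sends (constructed to match how Rails
# serializes default_src/script_src/style_src with :self, :unsafe_inline).
WEAK_HEADER = "default-src 'self'; script-src 'self' 'unsafe-inline'; " \
              "style-src 'self' 'unsafe-inline'"

# Per-request nonce. In Rails this is what
#   config.content_security_policy_nonce_generator = ->(request) { SecureRandom.base64(16) }
# supplies, and config.content_security_policy_nonce_directives = %w(script-src style-src)
# chooses the directives that receive the 'nonce-...' source.
def new_nonce
  SecureRandom.base64(16)
end

# Header produced by a nonce-based policy: inline <script nonce="..."> tags
# rendered with the same value run; injected ones without it do not.
def nonce_policy_header(nonce)
  "default-src 'self'; script-src 'self' 'nonce-#{nonce}'; " \
    "style-src 'self' 'nonce-#{nonce}'"
end

if __FILE__ == $PROGRAM_NAME
  puts "permissive: #{script_findings(WEAK_HEADER).inspect}"
  puts "nonce:      #{script_findings(nonce_policy_header(new_nonce)).inspect}"
end
```

To check a deployed application, capture its header (for example with curl -sI and grep -i content-security-policy) and pass the value to script_findings. On the Rails side, the nonce only helps if the view helpers emit it: javascript_tag nonce: true and the content_security_policy_nonce helper put the per-request value on the inline scripts you render, and anything you forget shows up as a blocked-script report rather than as an XSS hole.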

Core Topics

Brakeman Security: See brakeman-security.md for static analysis and common vulnerabilities.

Bundler Audit: See bundler-audit.md for dependency vulnerability tracking.

Security Headers: See csp-headers.md for content security policy and headers.

Patterns: See patterns.md for common vulnerabilities and fixes.

Examples

See examples.md for configurations.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Related Skills

Related by shared tags or category signals. Each entry lists its upstream category, source type and trust label; none of them carries a summary from the upstream source.

rails-testing-rspec (General; repository source; trust label: needs review)

rails-action-mailer (General; repository source; trust label: needs review)

rails-active-record (General; repository source; trust label: needs review)

rails-active-storage (General; repository source; trust label: needs review)