Securie for Ruby on Rails
Securie covers the Rails controller, strong-parameter and Active Record layer. Mass assignment, SQL injection via raw string interpolation, and CSRF exemptions are all caught before merge.
Why it matters for Ruby on Rails
Install on your Rails repo. Every controller, model, and migration is reviewed.
- Rails 7.x + 8.x coverage
- Validates strong_parameters on every controller action
- Detects unsafe raw SQL in scopes and where clauses
- Audits skip_before_action :verify_authenticity_token
Common bugs we catch in Ruby on Rails
Missing strong_parameters
Mass assignment is still one of the most common Rails bugs whenever strong parameters are bypassed.
where("name = #{params[:q]}")
Classic SQL injection: user input is interpolated straight into the SQL string. Securie detects string interpolation into Active Record queries.
skip_before_action :verify_authenticity_token
Disables CSRF protection for that controller or action. Every occurrence requires a justification.
Install in under a minute
- Install the Securie GitHub App on your Rails repo
- Securie detects Gemfile + config/application.rb
- Push any PR.
Ruby on Rails is a trademark of David Heinemeier Hansson. Securie is independent.