
Keep your project in shape


LA-CONF 2013 talk
http://2013.la-conf.org/

Developers always focus on their own code, and almost never on the ecosystem around their app. Dependencies can quickly make an app vulnerable, because new security holes are discovered every day.

Since we can't read the code of every library we use in a project, it's hard to determine what side effects could be introduced by pulling in one package or another.

Last but not least, APIs evolve, and so do packages. API versions get deprecated, and if you don't pay attention, your app could stop working one day without notice. Even worse, some packages simply stop being maintained, leaving no choice but to implement a replacement.

That's why it's important to keep your projects in shape: the longer you wait to bring them up to date, the harder it will be. There are some tools out there to help with this that every developer should know about:

gemnasium (dependencies monitoring, and security alerts on them)
rubytoolbox (alternatives)
brakeman (security scanner)

  1. Keep your project in shape. LA-CONF 2013. Philippe Lafoucrière, @plafoucriere
  2. I KNOW YOUR PROJECT
  3. Project cycle of life. BORN: fun, exciting, fresh. LIVE: outdated, missing features, insecure. DIE: kill it! Start over. (Pictures stolen from https://peepcode.com/products/play-by-play-aaroncorey. I'm sorry.)
  4. Software Maintenance Cost (chart: cost in $ against time)
  5. KEEP IT IN SHAPE!
  6. Your Daily Training: reading newsletters, commits, news sites, changelogs, Twitter (?), …
  7. Tools
  8. Gemnasium: monitors your project's dependencies; warns you about outdated gems; sends security alerts on your projects; changelog viewer; decision helper about upgrading (coming soon); free for public projects.
  9. The Ruby Toolbox: find alternatives for your deprecated gems; the right gem for the job; lots of data; free!
  10. Brakeman Scanner gem
  11. Brakeman scanner: scans your [rails app] code and reports security issues. Run it every week/month! Lots of known vulnerabilities. Your code is secure until it's not anymore. Free and open-source.
  12. THANK YOU!
  13. TOP 100 most downloaded gems (pie chart of changelog status: valid, outdated, no changelog, invalid, no source; slices of 65%, 19%, 13%, 2%). Source: http://goo.gl/qozgh (shared gdocs)
  14. Links. Tools presented: https://gemnasium.com, https://www.ruby-toolbox.com/, http://brakemanscanner.org/. Other useful tools: https://github.com/metricfu/metric_fu/, https://github.com/colszowka/simplecov, http://travis-ci.org/. About me: https://github.com/gravis, https://twitter.com/plafoucriere
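As an added illustration of the dependency monitoring the Gemnasium slide describes (example code written for this page, not code from the talk or from Gemnasium): a small Ruby checker that reads a Gemfile.lock, flags gems behind the latest known release, and raises an alert when a locked version falls outside an advisory's patched range. The lockfile excerpt, the LATEST table, the advisory ids and the patched ranges are all constructed for the example.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed Gemfile.lock excerpt (not taken from any real project).
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rails (3.2.8)
        rack (~> 1.4.0)
      nokogiri (1.5.5)

  PLATFORMS
    ruby
LOCK

# Constructed data standing in for what a monitoring service would know.
LATEST = { "rack" => "1.5.2", "rails" => "3.2.13", "nokogiri" => "1.5.5" }
ADVISORIES = [
  { "gem" => "rack",  "id" => "PLACEHOLDER-ADV-1", "patched" => [">= 1.4.5"] },
  { "gem" => "rails", "id" => "PLACEHOLDER-ADV-2", "patched" => ["~> 3.2.11"] },
]

# Extract resolved gem versions from the specs: section. Resolved entries are
# indented by exactly 4 spaces as "name (version)"; deeper-indented lines are
# sub-dependency requirements, and other sections never match the pattern.
def parse_lockfile(text)
  text.each_line.each_with_object({}) do |line, locked|
    next unless line =~ /\A {4}(\S+) \(([^)]+)\)\s*\z/
    locked[$1] = Gem::Version.new($2)
  end
end

# Report gems behind the latest release, and gems whose locked version
# satisfies none of an advisory's patched requirements.
def check_dependencies(locked, latest = LATEST, advisories = ADVISORIES)
  report = { outdated: [], vulnerable: [] }
  locked.each do |name, version|
    if latest[name] && Gem::Version.new(latest[name]) > version
      report[:outdated] << name
    end
    advisories.select { |a| a["gem"] == name }.each do |adv|
      safe = adv["patched"].any? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
      report[:vulnerable] << [name, adv["id"]] unless safe
    end
  end
  report
end

if __FILE__ == $0
  p check_dependencies(parse_lockfile(LOCKFILE))
end
```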