I discuss how to keep up to date on the security disclosures for Ruby and frameworks such as Rails and Sinatra. I cover all the different places to receive notifications for all of the services in my application stack.
5. Gems?
Check them all?
Use ‘gem outdated’
The RubyGems security guide discusses gem signing but offers no notification channel; RubySec and GemCanary track advisories:
http://guides.rubygems.org/security/
http://www.rubysec.com/
https://gemcanary.com/
6. What about your code?
Brakeman: http://brakemanscanner.org/