re: Rails quick tips #4: Keep your bundle secure with bundler-audit

 
 

Nice! The founder's a good friend of mine, he'll be happy to see this shared here :)

 

A little late to the party, but yes, I'm very happy to see this shared here <3

 

This is the first time I've heard of GuardRails. I'm looking over its home page now. Is it a CI/CD tool? Or is it specifically just for assessing vulnerabilities? It seems like a really neat tool!

 

Hello Jess, thanks for the kind words!

Right now GuardRails is available as a GitHub application that gives you security feedback directly in your Pull Requests.

In many ways, it is similar to a CI/CD tool, but one that automatically orchestrates a wide range of security tools.

Based on the languages in your repository, it would automatically select the right engines to run, unify the results, and filter out irrelevant findings and false positives. The security issues are then made available as a comment in the Pull Request, with links to the relevant file and line. It also provides a link to our detailed documentation on how to fix a given issue based on the language it was identified in.

In a sentence, GuardRails continuously provides you with accurate and actionable security feedback directly in your development workflow.

Looking forward to getting your feedback. Let me know if you have any questions.
