Project

spektr

0.02
No release in over a year
spektrgregmolnar/spektrHomepageDocumentationSource CodeBug TrackerWiki
Rails static code analyzer for security issues
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
8,272
Stars
59
Forks
1
Watchers
4
 Releases
Current version
0.4.1
Total releases
8
First release
2022-06-21
Latest release
2023-03-04
 Issues
Open Issues
0
Closed Issues
7
Total Issues
7
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
4
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
Spektr Custom Licence
Average date of last 50 commits
2022-12-06
Reverse Dependencies
0

 Dependencies

Development

byebug
>= 0
guard
>= 0
guard-minitest
>= 0
minitest
~> 5.0
rake
~> 12.0
rubocop
>= 0

Runtime

erubi
>= 0
haml
>= 0
parser
>= 2.6.0
pastel
>= 0
ruby_parser
>= 3.0
slim
>= 0
tty-color
>= 0
tty-option
>= 0
tty-spinner
>= 0
tty-table
>= 0
zeitwerk
>= 2.6
 Project Readme

Spektr

Ruby CI

Spektr is a static-code analyser for Ruby On Rails applications to find security issues.

Installation

Add this line to your application's Gemfile:

gem 'spektr'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install spektr

Usage

If you are using in your app:

spektr

If you want to scan an app in another folder:

spektr path/to/app

To see the available options, you can run spektr --help.

To ignore a finding, you can use the --ignore flag with a comma separated list of fingerprints from the report.

Railsgoat Example output

Railgoat example

False positives

Due to the nature of static-code analysis, Spektr might report false positives. Please report them, so I can try to tweak the check.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/gregmolnar/spektr. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the code of conduct.

License

The gem is available as open source under the terms described in the licence. Non-commercial use is free of charge, to obtain a commercial licence, contact us at info[at]spektrhq.com. If you are looking for a hosted solution, take a look at SpektrHQ.

Code of Conduct

Everyone interacting in the Spektr project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

FAQ

I use Spektr in my closed-source paid product making millions of dollars, is that non-commercial use?

Yes, this is perfectly fine without obtaining a licence. You can however donate to the development here on Github.

I want to use Spektr in my automated code analyser SaaS, do I need a commercial licence?

Yes, please get in touch at info[at]spektrhq.com and we will work something out.

I am a penetration tester and I'd like to use Spektr to audit on a paid engagement. Do I need a commercial licence?

No. You are free to use it for that purpose, happy bug hunting!