Safeguard
Tag

ruby-security

Safeguard articles tagged "ruby-security" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Security Guides

Rails Security Best Practices: Strong Parameters, SQL, and Gems

Rails ships secure defaults, but mass assignment, string-interpolated SQL, and unvetted gems still cause real breaches. Here is how to hold the line.

Jul 3, 20265 min read
Security Guides

Ruby Security Best Practices: Deserialization, Injection, and the Gem Supply Chain

Rails is safe by default — until a developer reaches for YAML.load, Kernel#open, or a raw-string query. Here are the Ruby footguns and the gem hygiene that keep them closed.

Jul 1, 20266 min read
Industry Analysis

Ruby Security Explained

Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.

Feb 23, 20267 min read
Industry Analysis

Ruby deserialization vulnerabilities: Marshal.load, YAML....

A decade of Ruby CVEs — from CVE-2013-0156 to CVE-2022-32224 — shows how Marshal.load and YAML.load turn untrusted input into remote code execution.

Feb 2, 20268 min read
Open Source Security

Auditing Ruby dependencies for known CVEs with bundler-audit

A step-by-step bundler-audit tutorial for scanning Ruby gems against known CVEs, patching vulnerable dependencies, and enforcing the check in CI.

Feb 2, 20267 min read
Open Source Security

Case study: RubyGems account takeover incidents and their...

A look at real RubyGems account takeover incidents, including the rest-client hijack, and what they reveal about Ruby supply chain risk.

Feb 2, 20268 min read
Open Source Security

Ruby supply chain security report

A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.

Nov 21, 20257 min read
Industry Analysis

XXE Prevention in Ruby with Nokogiri NONET/NOENT

Nokogiri wraps libxml2, and one misconfigured parse call can leak local files or trigger SSRF. Here's how NONET and NOENT actually work, and how to lock them down.

Oct 23, 20258 min read
ruby-security — Safeguard Blog