Safeguard
Tag

ruby

Safeguard articles tagged "ruby" — guides, analysis, and best practices for software supply chain and application security.

24 articles

Industry Analysis

Secure Random Number Generation in Ruby with SecureRandom

Ruby's built-in rand() uses a predictable Mersenne Twister and should never generate tokens, passwords, or session IDs. Here's how SecureRandom fixes that.

Oct 19, 20257 min read
Best Practices

Enterprise Rails Security Audit: 2025 Field Notes

After 14 Rails audits in the last 12 months, the same eight issues kept surfacing. Here's the 2025 field checklist for Rails 7.2 and 8.0 enterprise apps.

May 16, 20255 min read
Open Source Security

JRuby Supply Chain Considerations

JRuby sits at the intersection of the Ruby and Java supply chains, and the security story reflects both. A look at how JRuby's dual nature affects gem security and what defenders should know.

Nov 5, 20248 min read
Open Source Security

Ruby Native Extensions Supply Chain

Native C extensions are the most under-audited part of the Ruby supply chain: how they get built, what can go wrong, and how to monitor them as seriously as you monitor pure-Ruby code.

Oct 8, 20248 min read
Vulnerability Management

bundler-audit Production Setup

A practical guide to running bundler-audit in production CI pipelines, including advisory database updates, exception handling, and integration with remediation workflows.

Jul 2, 20247 min read
Open Source Security

Bundler Lockfile Security Practices

How to use Gemfile.lock as a real security artifact: checksums, frozen mode, reproducible resolves, and what changed in Bundler 2.5's expanded lockfile format.

Jun 14, 20248 min read
Open Source Security

RubyGems 2FA Enforcement Analysis

A look at how RubyGems.org rolled out mandatory 2FA for high-traffic gem maintainers, what it has caught, and what gaps still remain in the account-compromise defense story.

Apr 18, 20247 min read
Case Studies

Shopify's Supply Chain Security Program

How Shopify built a supply chain security program that protects millions of merchants while maintaining the development velocity that e-commerce demands.

Feb 20, 20247 min read
Software Supply Chain Security

RubyGems Yanked Gems: Security Risks of Removed Ruby Packages

When a Ruby gem is yanked from RubyGems.org, it creates security risks for projects that depended on it. Understanding the yanking mechanism is critical for Ruby supply chain security.

Nov 5, 20235 min read
Case Studies

Stripe's Dependency Security Practices

How Stripe secures its software dependencies while processing billions of dollars in payments, with a focus on Ruby ecosystem hardening and dependency isolation.

Jul 12, 20237 min read
DevSecOps

Ruby Brakeman Security Scanner: Rails-Aware Vulnerability Detection

Brakeman understands Rails conventions and catches security issues that generic scanners miss. Here is how to use it effectively.

Mar 15, 20235 min read
Dependency Security

Ruby Gems Supply Chain Security

Protecting your Ruby applications from gem-based supply chain attacks with Bundler security features, gem signing, and auditing.

Jun 20, 20224 min read
ruby (Page 2) — Safeguard Blog