科技回声

[ANN] Codesake::Dawn v1.0.0 released

1 point by thesp0nge, over 11 years ago

1 comment

thesp0nge, over 11 years ago

After 9 months of development, it’s now time for the first major release of the Codesake::Dawn security source code scanner.

Codesake::Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

Version 1.0 introduces 142 security checks against public bulletins since 2006, which you can use to check for the vulnerabilities introduced by third party libraries your web application includes in its Gemfile.

Writing safe code is important, but sometimes security issues are introduced by third party code your application relies on. As an example, consider a SQL injection vulnerability introduced by the Ruby on Rails framework. Despite the effort you spend sanitizing inputs, your web application inherits the vulnerability and suffers as well. An attacker can easily exploit it and break into your database unless you upgrade the offending gem.

There is a comprehensive set of command line flags; you can read more by issuing dawn -h or by reading the project README file.

The list of security checks included in version 1.0.0 can be found online at: http://dawn.codesake.com/knowledge-base.

You can use the facilities provided by GitHub to submit bug reports, product enhancements, new security checks you want me to add in future releases and even success stories.

Now it’s time for you to install Codesake::Dawn version 1.0.0 with the following command and start reviewing your code for security issues:

$ gem install codesake-dawn

Enjoy it! Paolo - paolo@codesake.com
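The kind of dependency check the announcement describes (comparing the gems an application pulls in against published bulletins), sketched as an added Ruby example. It is not part of the original post and is not Codesake::Dawn's code; the gem names, advisory ids, version ranges and the `locked_versions` / `vulnerable_gems` helpers are constructed for illustration.

```ruby
# Added illustration, not Codesake::Dawn's code. Gem names, versions and
# advisory ids are constructed for the example.
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed Gemfile.lock excerpt.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-orm (3.2.10)
        example-support (= 3.2.10)
      example-support (3.2.10)
      example-json (1.8.1)

  DEPENDENCIES
    example-orm
    example-json
LOCK

# Constructed bulletins; :patched lists the version ranges that carry the fix.
ADVISORIES = [
  { id: "EXAMPLE-0001", gem: "example-orm", patched: ["~> 3.2.11", ">= 4.0.1"] },
  { id: "EXAMPLE-0002", gem: "example-json", patched: [">= 1.7.7"] }
].freeze

# Map every resolved gem in the lockfile to its locked Gem::Version.
def locked_versions(lockfile)
  lockfile.each_line.with_object({}) do |line, gems|
    # Resolved specs sit at exactly four spaces: "    name (1.2.3)".
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/) or next
    # Drop a platform suffix such as "-x86_64-linux" before parsing.
    gems[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
  end
end

# An advisory applies when the locked version satisfies none of its patched ranges.
def vulnerable_gems(lockfile, advisories = ADVISORIES)
  locked = locked_versions(lockfile)
  advisories.filter_map do |adv|
    version = locked[adv[:gem]] or next
    next if adv[:patched].any? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
    { id: adv[:id], gem: adv[:gem], version: version.to_s }
  end
end

vulnerable_gems(SAMPLE_LOCKFILE).each do |f|
  puts "#{f[:id]}: #{f[:gem]} #{f[:version]} satisfies no patched range, upgrade it"
end
```

Matching on the resolved versions in the lockfile, rather than the constraints in the Gemfile, also catches a vulnerable gem that arrives only as a transitive dependency.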