Dawnscanner

Version 1.6.2

What's dawnscanner?

Dawnscanner is a source code scanner designed to review your Ruby code for security issues. Dawnscanner is able to scan plain Ruby scripts (e.g. command line applications), but all its features are unleashed when dealing with web application source code. It supports major MVC (Model View Controller) frameworks, out of the box:

Start using dawnscanner

The dawnscanner rubygem is cryptographically signed. To be sure the gem you install hasn't been tampered with, you must first add the paolo@dawnscanner.org public signing certificate as trusted to your gem-specific keyring.

$ gem cert --add <(curl -Ls https://raw.githubusercontent.com/thesp0nge/dawnscanner/master/certs/paolo_at_dawnscanner_dot_org.pem)

You can install the latest dawnscanner version from rubygems.org by typing:

$ gem install dawnscanner -P MediumSecurity

The MediumSecurity trust profile will verify signed gems, but allow the installation of unsigned dependencies. This is necessary because not all of Dawn’s dependencies are signed, so we cannot use HighSecurity.
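Signature verification is only as good as the certificate added with gem cert --add, which trusts whatever the URL returns at that moment. The following is an added example, not part of dawnscanner: a Ruby check that could be run on the downloaded certificate file first, comparing it against a SHA-256 fingerprint obtained out of band and checking its validity window. The helper names and the self-signed sample certificate are constructed for illustration; the page does not publish a fingerprint.

```ruby
require 'openssl'

# Constructed sample input: a throwaway self-signed certificate, NOT the
# real dawnscanner signing certificate.
def sample_cert(subject, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

# SHA-256 over the DER encoding, as lowercase hex without colons.
def fingerprint(pem)
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest.new('SHA256').hexdigest(der)
end

# Returns the reasons not to trust the certificate; an empty list means the
# pinned fingerprint matches and the certificate is inside its validity window.
def trust_problems(pem, pinned, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(pem)
  problems = []
  unless fingerprint(pem) == pinned.delete(':').downcase
    problems << 'fingerprint does not match pinned value'
  end
  unless now.between?(cert.not_before, cert.not_after)
    problems << 'certificate not valid at this time'
  end
  problems
rescue OpenSSL::X509::CertificateError
  ['not a parseable X.509 certificate']
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now
  pem = sample_cert('/CN=example/DC=example/DC=invalid', now - 60, now + 60)
  pin = fingerprint(pem) # in practice: a value obtained out of band
  puts "pinned cert: #{trust_problems(pem, pin, now).inspect}"
  puts "wrong pin:   #{trust_problems(pem, '00' * 32, now).inspect}"
end
```

To use it on a real download, save the certificate to a file, pass File.read of that file as pem, and run gem cert --add on the file only when the returned list is empty.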

To install a release candidate version, use the following gem install command line:

$ gem install dawnscanner --pre -P MediumSecurity

If you want to add dawn to your project Gemfile, you must add the following:

group :development do
  gem 'dawnscanner', :require=>false
end

And then upgrade your bundle:

$ bundle install

You may want to build it from source, so you have to check it out from GitHub first:

$ git clone https://github.com/thesp0nge/dawnscanner.git
$ cd dawnscanner
$ bundle install
$ rake install

The dawnscanner gem will be built in a pkg directory and then installed on your system. Please note that you have to manage dependencies on your own this way. It makes sense only if you want to hack the code or something like that.