Keep your project in shape

Keep your project in shape LA-CONF 2013 Philippe Lafoucrière @plafoucriere

description

LA-CONF 2013 talk: http://2013.la-conf.org/

Developers always focus on their code, and almost never on the ecosystem around their app. Dependencies can quickly make an app vulnerable, because new security holes are discovered every day. As we can't read the code of every library we use in a project, it is hard to determine what side effects introducing this or that package could have. Last but not least, APIs evolve, and so do packages. Sometimes API versions are deprecated, and if you don't pay attention to that, your app could stop working one day without notice. Even worse, some packages simply stop being maintained, leaving no choice but to implement a replacement. That's why it's important to keep your projects in shape: the longer you wait to bring them up to date, the harder it will be.

There are some tools out there to achieve this that every developer should know about:

gemnasium (dependencies monitoring, and security alerts on them)
rubytoolbox (alternatives)
brakeman (security scanner)

Transcript of Keep your project in shape

Page 1: Keep your project in shape

Keep your project in shape

LA-CONF 2013

Philippe Lafoucrière

@plafoucriere

Page 2: Keep your project in shape

I KNOW YOUR PROJECT

Page 3: Keep your project in shape

Project cycle of life

BORN • Fun • Exciting • Fresh

LIVE • Outdated • Missing features • Insecure

DIE • Kill it! • Start over

Pictures stolen from: https://peepcode.com/products/play-by-play-aaroncorey

I’m sorry

Page 4: Keep your project in shape

Software Maintenance Cost

(Chart: Software Maintenance Cost, $ against Time, with a region marked DANGER ZONE)

Page 5: Keep your project in shape

KEEP IT IN SHAPE!

Page 6: Keep your project in shape

Your Daily Training: Reading

Newsletters

Commits

News site

Changelogs

Twitter (?)

Page 7: Keep your project in shape

Tools

Page 8: Keep your project in shape
Page 9: Keep your project in shape

Gemnasium

Monitors your project's dependencies

Warns you about outdated gems

Sends security alerts on your projects

Changelog viewer

Decision helper about upgrading (coming soon)

Free for public projects
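The dependency check described on this slide and in the talk description, as an added Ruby example that is not the talk's or Gemnasium's own code: it parses a constructed Gemfile.lock excerpt and compares the locked versions against a constructed advisory list and latest-release index (placeholder data, not real advisories or releases).

```ruby
require "rubygems" # provides Gem::Version for correct version comparison

# Constructed Gemfile.lock excerpt (placeholder versions, not from the talk).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rails (3.2.11)
      nokogiri (1.5.5)
      json (1.7.7)

  PLATFORMS
    ruby
LOCK

# Constructed advisory list: gem name => first version that contains the fix.
ADVISORIES = { "rack" => "1.4.5", "rails" => "3.2.12", "json" => "1.7.7" }

# Constructed "latest release" index, as a monitoring service would fetch it.
LATEST = { "rack" => "1.5.2", "rails" => "3.2.13",
           "nokogiri" => "1.5.9", "json" => "1.7.7" }

# Parse the specs: section of a Gemfile.lock into { name => locked version }.
# Only top-level spec lines (4-space indent) are gems; 6-space lines are
# their dependency constraints and are skipped.
def parse_lock(text)
  locked = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /^\s*specs:/
      in_specs = true
    elsif line =~ /^\S/ # a new top-level section ends the specs block
      in_specs = false
    elsif in_specs && (m = line.match(/^ {4}(\S+) \(([^)]+)\)/))
      locked[m[1]] = m[2]
    end
  end
  locked
end

# Report gems below a patched version (vulnerable) or below the latest
# release (outdated). String comparison would get "1.10" < "1.9" wrong,
# hence Gem::Version.
def check_dependencies(locked, advisories, latest)
  report = { vulnerable: [], outdated: [] }
  locked.each do |name, ver|
    v = Gem::Version.new(ver)
    report[:vulnerable] << name if advisories[name] && v < Gem::Version.new(advisories[name])
    report[:outdated] << name if latest[name] && v < Gem::Version.new(latest[name])
  end
  report
end
```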

Page 10: Keep your project in shape
Page 11: Keep your project in shape

The Ruby Toolbox

Find alternatives for your deprecated gems

The right gem for the job

Lots of data

Free!

Page 12: Keep your project in shape

Brakeman Scanner gem

Page 13: Keep your project in shape

Brakeman scanner

Scans your [rails app] code and reports security issues

Run it every week/month!

Lots of known vulnerabilities

Your code is secure until it’s not anymore

Free and open-source

Page 14: Keep your project in shape

THANK YOU!

Page 15: Keep your project in shape

TOP 100 most downloaded gems

(Chart: shares of the top 100 gems by changelog status; categories shown: Changelog Valid, Outdated, No Changelog, Invalid, No source; values shown: 65%, 19%, 13%, 2%)

Source: http://goo.gl/qozgh (shared gdocs)

Page 16: Keep your project in shape

Links

Tools presented
https://gemnasium.com
https://www.ruby-toolbox.com/
http://brakemanscanner.org/

Other useful tools
https://github.com/metricfu/metric_fu/
https://github.com/colszowka/simplecov
http://travis-ci.org/

About me
https://github.com/gravis
https://twitter.com/plafoucriere