Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Site updated at Fri Jan 26 12:03:21 AM PST 2024
- Loading branch information
1 parent
ff77d1d
commit 6750048
Showing
2 changed files
with
183 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,182 @@ | ||
|
|
||
| <!DOCTYPE html> | ||
| <!--[if IEMobile 7 ]><html class="no-js iem7"><![endif]--> | ||
| <!--[if lt IE 9]><html class="no-js lte-ie8"><![endif]--> | ||
| <!--[if (gt IE 8)|(gt IEMobile 7)|!(IEMobile)|!(IE)]><!--><html class="no-js" lang="en"><!--<![endif]--> | ||
| <head> | ||
| <meta charset="utf-8"> | ||
| <title>Brakeman: Unmaintained Dependencies</title> | ||
| <meta name="description" content="Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications."/> | ||
|
|
||
| <!-- http://t.co/dKP3o1e --> | ||
| <meta name="HandheldFriendly" content="True"> | ||
| <meta name="MobileOptimized" content="320"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1"> | ||
|
|
||
| <meta name="keywords" content="brakeman,ruby on rails,security,scanner,vulnerabilities,static analysis"/> | ||
|
|
||
| <link rel="canonical" href="https://brakemanscanner.org/docs/warning_types/unmaintained_dependency/"/> | ||
| <link href="/favicon.png" rel="shortcut icon" /> | ||
| <link href="/stylesheets/screen.css" media="screen, projection" rel="stylesheet" type="text/css"> | ||
| <script src="/javascripts/modernizr-2.0.js"></script> | ||
| <script src="/javascripts/octopress.js" type="text/javascript"></script> | ||
| <link href="feed.xml" rel="alternate" title="Brakeman" type="application/atom+xml"/> | ||
|
|
||
|
|
||
|
|
||
|
|
||
| <!--Fonts from Google's Web font directory at http://google.com/webfonts --> | ||
| <link href='https://fonts.googleapis.com/css?family=PT+Serif:regular,italic,bold,bolditalic' rel='stylesheet' type='text/css'> | ||
| <link href='https://fonts.googleapis.com/css?family=PT+Sans:regular,italic,bold,bolditalic' rel='stylesheet' type='text/css'> | ||
| <script language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js" type="text/javascript"></script> | ||
| <script src="/javascripts/jquery.github_badge.js"></script> | ||
| <meta property="twitter:account_id" content="23978537" /> | ||
|
|
||
| <meta name="twitter:card" content="summary" /> | ||
| <meta name="twitter:site" content="@brakeman" /> | ||
| <meta name="twitter:title" content="Brakeman - Unmaintained Dependencies" /> | ||
| <meta name="twitter:description" content="Brakeman Static Analysis Security Scanner for Ruby on Rails" /> | ||
| <meta name="twitter:image" content="https://brakemanscanner.org/images/brakeman_logo_dark.png" /> | ||
|
|
||
| </head> | ||
|
|
||
| <body > | ||
| <header><hgroup> | ||
| <h1><a href="/">Brakeman</a></h1> | ||
|
|
||
| <h2>Ruby on Rails Static Analysis Security Tool</h2> | ||
|
|
||
| </hgroup> | ||
|
|
||
| </header> | ||
| <nav role=navigation><ul role=subscription data-subscription="rss"> | ||
| <li><a href="feed.xml" rel="subscribe-rss" title="subscribe via RSS">RSS</a></li> | ||
|
|
||
| </ul> | ||
| <form action="" method="get"> | ||
| <fieldset role="site-search"> | ||
| <input type="hidden" name="q" value="site:https://brakemanscanner.org" /> | ||
| <input class="search" type="text" name="q" results="0" placeholder="Search"/> | ||
| </fieldset> | ||
| </form> | ||
| <ul role=main-navigation> | ||
| <li><a href="/">Home</a></li> | ||
| <li><a href="/docs">Documentation</a></li> | ||
| <li><a href="https://github.com/presidentbeef/brakeman">Source</a></li> | ||
| <li><a href="/docs/contributing">Contributing</a></li> | ||
| <li><a href="/brakeman_users">Users</a></li> | ||
| <li><a href="/contact">Contact</a></li> | ||
| </ul> | ||
|
|
||
| </nav> | ||
| <div id="main"> | ||
| <div id="content"> | ||
| <div> | ||
| <article> | ||
|
|
||
| <header> | ||
| <h1 class="entry-title">Unmaintained Dependencies</h1> | ||
| </header> | ||
|
|
||
| <p>Unmaintained or “end-of-life” dependencies can present security risks to your application.</p> | ||
|
|
||
| <p>When a dependency is no longer maintained, its developers may not release new versions with security patches for known | ||
| vulnerabilities. This means that any known vulnerabilities in the dependency remain unpatched, leaving your application open to attacks.</p> | ||
|
|
||
| <p>In addition to known vulnerabilities, older versions of software are likely to receive less scrutiny | ||
| are more likely to contain vulnerabilities that are not published and do not receive any public attention.</p> | ||
|
|
||
| <p>Maintained dependencies are also more likely to follow security best practices, such as using secure coding practices, | ||
| regularly testing for vulnerabilities, and providing timely security patches. Outdated dependencies may not follow these best practices, increasing the | ||
| risk of security vulnerabilities.</p> | ||
|
|
||
| <p>As a library ages, it is more likely to be completely abandoned or forgotten by its creator. | ||
| Abandoned libraries may become target for supply chain attacks, where the attacker takes over an old code repository or | ||
| an account on a package management server (such as RubyGems) and publishes a malicious version of the software.</p> | ||
|
|
||
| <h2 id="ruby-and-rails">Ruby and Rails</h2> | ||
|
|
||
| <p>Ruby versions are generally maintained for 3 years and 3 months after release. Check <a href="https://www.ruby-lang.org/en/downloads/branches/">the listing of maintenance branches</a> for more information.</p> | ||
|
|
||
| <p>Rails is more complicated, but generally only the current series and the last of the previous series is supported. See the <a href="https://guides.rubyonrails.org/maintenance_policy.html#security-issues">Rails Maintenance Policy</a>.</p> | ||
|
|
||
| <hr /> | ||
| <p>Back to <a href="/docs/warning_types">Warning Types</a></p> | ||
|
|
||
|
|
||
| <footer> | ||
| <p class="meta"> | ||
|
|
||
|
|
||
| </p> | ||
| </footer> | ||
|
|
||
| </article> | ||
|
|
||
| </div> | ||
|
|
||
| <aside role=sidebar> | ||
| <section> | ||
| <p></p> | ||
| <p>Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.</p> | ||
| <p><a href="/docs/quickstart">Get started!</a></p> | ||
| </section> | ||
|
|
||
| <section> | ||
| <script type='text/javascript'> | ||
| $(document).ready(function(){ | ||
| $("#github").GitHubBadge({ | ||
| login: "presidentbeef", | ||
| kind: "project", | ||
| repo_name: "brakeman", | ||
| include_github_logo: false, | ||
| image_path: "", | ||
| commit_count: "1", | ||
| issue_count: "0", | ||
| repo_count: "0" | ||
| }); | ||
| }); | ||
| </script> | ||
| <div id="github"></div> | ||
| <a href="https://dl.circleci.com/status-badge/redirect/gh/presidentbeef/brakeman/tree/main"><img src="https://dl.circleci.com/status-badge/img/gh/presidentbeef/brakeman/tree/main.svg?style=svg" /></a> | ||
| </section> | ||
|
|
||
| <section> | ||
| <h1>Recent Posts</h1> | ||
| <ul id="recent_posts"> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/12/04/brakeman-6-dot-1-dot-0-released">Brakeman 6.1.0 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/07/20/brakeman-6-dot-0-dot-1-released">Brakeman 6.0.1 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/05/24/brakeman-6-dot-0-released">Brakeman 6.0.0 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2023/02/21/brakeman-5-dot-4-dot-1-released">Brakeman 5.4.1 Released</a> | ||
| </li> | ||
|
|
||
| <li class="post"> | ||
| <a href="/blog/2022/11/17/brakeman-5-dot-4-dot-0-released">Brakeman 5.4.0 Released</a> | ||
| </li> | ||
|
|
||
| </ul> | ||
| </section> | ||
|
|
||
| </aside> | ||
|
|
||
|
|
||
| </div> | ||
| </div> | ||
| <footer><p> | ||
| <span class="credit">Powered by <a href="http://octopress.org">Octopress</a> | <a href="/content_license">Content license</a></span> | ||
| </p> | ||
|
|
||
| </footer> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters