The state of Security in Rails 8 | Greg Molnar
21-Feb-2025
Rails 7.2 introduced a default GitHub Actions file to run Dependabot checks on the repository. If you don’t know what Dependabot is, it is a GitHub automation that alerts you about outdated or vulnerable dependencies.
Why is that important?
When a vulnerability is published in any of your dependencies, hackers can use it to exploit your application. In some cases automated attacks are launched within a day of a CVE being published, but there are also targeted attacks, and some of you even share your Gemfile on Twitter, so it is easy to find out which gems an app uses. And even though the Rails ecosystem is really good with regard to security, vulnerabilities are still published often. Just to name a few: