Sample report. Real scan of forem/forem (a public OSS Rails app). Top-line scores and findings are real; specific CVE and column names below are illustrative.
Connect your GitHub repo →
forem/forem · 45 · Needs work
Scanned 2026-05-08 · Public OSS sample

Security · 35 · 29 gem CVEs · weak production hardening
Application Quality · 55 · Rails 7.0 (EOL) · Ruby 3.3 (current)
Infrastructure · 65 · Monitoring partial · CI present
Code Health · 40 · 43 missing FK indexes · database score 25
Security
Gem Security · 29 advisories matched
12 / 100 · From bundler-audit, which compares the versions pinned in the live Gemfile.lock against ruby-advisory-db. Top hits shown; full list links to advisories.
- High · nokogiri — CVE-2024-XXXX · XML processing memory exhaustion. Patched upstream.
- High · rack — CVE-2024-XXXX · Denial of service via header parsing. Upgrade required.
- Med · actionpack — CVE-2024-XXXX · Possible XSS in HTML safe escaping. Upgrade Rails to 7.1+.
- … and 26 more in the live report.
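What "matched" means in bundler-audit terms, shown as an added example rather than the report's own code: each locked version is tested against an advisory's patched_versions and unaffected_versions requirements, and the gem is reported only when neither is satisfied. The Gemfile.lock excerpt and the advisory records below are constructed for the example, and the CVE identifiers are placeholders.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed Gemfile.lock fragment for the example; not forem's real lockfile.
# Locked gems are indented 4 spaces, their dependency constraints 6, so the
# 4-space regex below picks up only the locked versions.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.0.8.7)
        activesupport (= 7.0.8.7)
      nokogiri (1.16.2-x86_64-linux)
      rack (2.2.8)
      rack-attack (6.7.0)
  DEPENDENCIES
    rack-attack
    rails (~> 7.0.8)
LOCK

# Constructed advisories in the shape of ruby-advisory-db records. The
# identifiers are placeholders (assumption), not real CVE numbers.
SAMPLE_ADVISORIES = [
  { gem: "nokogiri",    cve: "CVE-2024-XXXX", patched_versions: [">= 1.16.5"] },
  { gem: "rack",        cve: "CVE-2024-XXXX", patched_versions: ["~> 2.2.9", ">= 3.0.10"] },
  { gem: "actionpack",  cve: "CVE-2024-XXXX", patched_versions: [">= 7.1.0"],
                        unaffected_versions: ["< 7.0.0"] },
  { gem: "rack-attack", cve: "CVE-XXXX-XXXX", patched_versions: [">= 6.7.0"] },
]

# Returns { "name" => "version" } for every locked gem. A dash in a lockfile
# version is a platform suffix (Gem::Version writes prerelease segments with
# dots), so "1.16.2-x86_64-linux" is recorded as "1.16.2".
def parse_lockfile(text)
  text.each_line.with_object({}) do |line, specs|
    next unless (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
    name, raw = m[1], m[2]
    specs[name] = raw.split("-", 2).first
  end
end

# An advisory applies when the locked version satisfies none of the patched
# or unaffected requirements. Gem::Requirement understands ~>, >=, < etc.
def vulnerable?(version, advisory)
  v = Gem::Version.new(version)
  safe = Array(advisory[:patched_versions]) + Array(advisory[:unaffected_versions])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Cross-references the lockfile against the advisory list and returns one
# finding per (gem, advisory) pair that still applies.
def audit(lockfile_text, advisories)
  locked = parse_lockfile(lockfile_text)
  advisories.filter_map do |adv|
    version = locked[adv[:gem]]
    next unless version && vulnerable?(version, adv)
    { gem: adv[:gem], version: version, cve: adv[:cve] }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES).each do |f|
    puts "#{f[:gem]} #{f[:version]} is affected by #{f[:cve]}"
  end
end
```

rack-attack 6.7.0 drops out because it satisfies its patched_versions requirement; rack 2.2.8 stays in because "~> 2.2.9" means 2.2.9 or later within 2.2.x, and the locked version is below that floor.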
Security Configuration
34 / 100
- ✓ force_ssl enabled in production
- ✓ Parameter filtering configured
- × No Content Security Policy detected
- × No rate limiting (rack-attack not in Gemfile)
- ! Hardcoded secret detected in config/initializers/devise.rb. A literal secret in an initializer is already in git history; rotate it and load it from Rails credentials or the environment instead.
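How a scanner arrives at those five results, as an added example (not the report tool's own code and not forem's configuration): a constructed weak app tree beside a hardened one, run through checks that ignore commented-out lines, so the CSP initializer that Rails generates fully commented out does not count as a policy. File paths are the Rails defaults; the file contents, the secret value and the credentials key name devise_secret_key are assumptions for the example.

```ruby
# Constructed stand-in for a Rails app tree: path => file contents.
# Paths are the Rails defaults; contents are assumptions for the example.
WEAK_APP = {
  "Gemfile" => <<~RUBY,
    gem "rails", "~> 7.0.8"
    gem "devise"
  RUBY
  "config/environments/production.rb" => <<~RUBY,
    Rails.application.configure do
      config.force_ssl = true
    end
  RUBY
  "config/initializers/filter_parameter_logging.rb" => <<~RUBY,
    Rails.application.config.filter_parameters += [:passw, :secret, :token, :_key]
  RUBY
  # Rails generates this initializer fully commented out, so the file
  # existing says nothing about whether a policy is actually set.
  "config/initializers/content_security_policy.rb" => <<~RUBY,
    # Rails.application.configure do
    #   config.content_security_policy do |policy|
    #     policy.default_src :self
    #   end
    # end
  RUBY
  "config/initializers/devise.rb" => <<~RUBY
    Devise.setup do |config|
      config.secret_key = "4f1c9e0b7a2d4e6f8091a2b3c4d5e6f7081920a1b2c3d4e5f60718293a4b5c6d"
    end
  RUBY
}

# Same tree with the three failing items fixed: rack-attack added, a real
# CSP set, and the Devise secret read from credentials (key name assumed).
HARDENED_APP = WEAK_APP.merge(
  "Gemfile" => WEAK_APP["Gemfile"] + "gem \"rack-attack\"\n",
  "config/initializers/content_security_policy.rb" => <<~RUBY,
    Rails.application.configure do
      config.content_security_policy do |policy|
        policy.default_src :self
        policy.script_src  :self
        policy.object_src  :none
      end
      config.content_security_policy_nonce_generator = ->(_req) { SecureRandom.base64(16) }
    end
  RUBY
  "config/initializers/devise.rb" => <<~RUBY
    Devise.setup do |config|
      config.secret_key = Rails.application.credentials.devise_secret_key
    end
  RUBY
)

# Strips blank and comment lines so a commented-out setting does not count.
def code_lines(src)
  src.to_s.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }
end

# A quoted literal of 16+ token characters assigned to a secret-like setting.
SECRET_LITERAL = /\b(?:secret_key|secret_key_base|pepper)\s*=\s*["'][A-Za-z0-9+\/=_-]{16,}["']/

# Returns :pass / :fail per check, plus the list of initializers holding
# a literal secret.
def check_hardening(files)
  gemfile      = code_lines(files["Gemfile"])
  production   = code_lines(files["config/environments/production.rb"])
  initializers = files.select { |path, _| path.start_with?("config/initializers/") }
  init_lines   = initializers.values.flat_map { |src| code_lines(src) }

  {
    force_ssl:               production.any? { |l| l =~ /\Aconfig\.force_ssl\s*=\s*true\b/ } ? :pass : :fail,
    parameter_filtering:     init_lines.any? { |l| l.include?("filter_parameters") } ? :pass : :fail,
    content_security_policy: init_lines.any? { |l| l =~ /content_security_policy do\b/ } ? :pass : :fail,
    rate_limiting:           gemfile.any? { |l| l =~ /\Agem\s+["']rack-attack["']/ } ? :pass : :fail,
    hardcoded_secrets:       initializers.select { |_, src| code_lines(src).any? { |l| l =~ SECRET_LITERAL } }.keys,
  }
end

if __FILE__ == $PROGRAM_NAME
  { weak: WEAK_APP, hardened: HARDENED_APP }.each do |label, app|
    puts "#{label}: #{check_hardening(app)}"
  end
end
```

The secret check deliberately looks for a literal on the right-hand side of the assignment rather than for the setting name, so the hardened devise.rb, which assigns a credentials lookup, passes.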
Application Quality
Rails Version
30 / 100 · Running Rails 7.0.8.7, which is end-of-life: the Rails team no longer issues security patches for the 7.0 series. Latest stable is Rails 8.1. Recommended upgrade path: 7.0 → 7.1 → 7.2 → 8.0 → 8.1, running the full test suite at each step.
Running Ruby 3.3.0. The 3.3 series still receives security fixes, but 3.3.0 is its first patch level; move to the latest 3.3.x to pick up the series' fixes, then bump to 3.4 when convenient.
Test Health
82 / 100 · RSpec suite detected with system specs. Coverage tooling (SimpleCov) and FactoryBot in the Gemfile.
Code Health
Database & Schema · 43 missing FK indexes
25 / 100 · Foreign key columns without an index. Each one silently degrades query performance as the table grows: joins, dependent: :destroy cascades and foreign-key checks on parent deletes all fall back to scanning the child table. Polymorphic columns such as commentable_id, notifiable_id and reactable_id need a composite index on the (*_type, *_id) pair, which is how Rails queries them. Top offenders shown; full list in the live report.
- articles.user_id
- comments.commentable_id
- notifications.notifiable_id
- reactions.reactable_id
- tags.taxonomy_id
- … and 38 more.
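The missing-index rule applied to a schema.rb, as an added example that is neither the report's code nor forem's real schema (tables and columns are constructed): a *_id column counts as covered when it leads an index, or, for a polymorphic column with a sibling *_type, when an index leads with the (type, id) pair; a second helper then emits the add_index calls for a migration.

```ruby
# Constructed schema.rb excerpt in the shape ActiveRecord dumps; tables and
# columns are assumptions for the example, not forem's real schema.
SAMPLE_SCHEMA = <<~RUBY
  ActiveRecord::Schema[7.0].define(version: 2024_01_01_000000) do
    create_table "articles", force: :cascade do |t|
      t.string "title"
      t.bigint "user_id", null: false
      t.bigint "organization_id"
      t.index ["organization_id"], name: "index_articles_on_organization_id"
    end

    create_table "comments", force: :cascade do |t|
      t.string "commentable_type"
      t.bigint "commentable_id"
      t.bigint "user_id"
      t.index ["user_id"], name: "index_comments_on_user_id"
    end

    create_table "reactions", force: :cascade do |t|
      t.string "reactable_type"
      t.bigint "reactable_id"
      t.bigint "user_id"
      t.index ["reactable_type", "reactable_id"], name: "index_reactions_on_reactable"
      t.index ["user_id", "reactable_type"], name: "index_reactions_on_user_and_type"
    end
  end
RUBY

# Returns { "table" => { columns: [...], indexes: [[col, ...], ...] } }.
# Handles the t.index form inside create_table and the older add_index form.
def parse_schema(text)
  tables = {}
  current = nil
  text.each_line do |line|
    if (m = line.match(/create_table "(\w+)"/))
      current = tables[m[1]] = { columns: [], indexes: [] }
    elsif current && (m = line.match(/t\.index \[([^\]]*)\]/))
      current[:indexes] << m[1].scan(/"(\w+)"/).flatten
    elsif current && (m = line.match(/t\.(\w+) "(\w+)"/))
      current[:columns] << m[2]
    elsif (m = line.match(/add_index "(\w+)", \[([^\]]*)\]/))
      tables[m[1]][:indexes] << m[2].scan(/"(\w+)"/).flatten if tables[m[1]]
    elsif current && line =~ /\A\s*end\s*\z/
      current = nil
    end
  end
  tables
end

# A *_id column is covered when it is the leading column of some index, or,
# for a polymorphic column (sibling *_type present), when an index leads
# with the (type, id) pair. A composite index whose first column is the FK
# counts too, since the leftmost prefix is usable on its own.
def missing_fk_indexes(tables)
  tables.flat_map do |table, t|
    t[:columns].select { |c| c.end_with?("_id") }.reject do |col|
      base = col.delete_suffix("_id")
      polymorphic = t[:columns].include?("#{base}_type")
      t[:indexes].any? do |idx|
        idx.first == col || (polymorphic && idx.first(2) == ["#{base}_type", col])
      end
    end.map { |col| "#{table}.#{col}" }
  end
end

# One add_index call per missing index; polymorphic columns get the
# composite (type, id) index.
def suggested_migration(tables)
  missing_fk_indexes(tables).map do |ref|
    table, col = ref.split(".")
    base = col.delete_suffix("_id")
    cols = tables[table][:columns].include?("#{base}_type") ? "[:#{base}_type, :#{col}]" : ":#{col}"
    "add_index :#{table}, #{cols}, algorithm: :concurrently"
  end
end

if __FILE__ == $PROGRAM_NAME
  tables = parse_schema(SAMPLE_SCHEMA)
  puts "missing: #{missing_fk_indexes(tables).join(', ')}"
  suggested_migration(tables).each { |line| puts line }
end
```

With algorithm: :concurrently the migration class must call disable_ddl_transaction!, and the option is PostgreSQL-only; drop it on other databases. reactions.reactable_id is not reported because the (reactable_type, reactable_id) index covers it, and reactions.user_id is covered as the leading column of a composite index.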
Get this for your Rails app.
Connect your GitHub repo. First scan in 60 seconds. No credit card.