diff --git a/Gemfile b/Gemfile
index 19723fa4d4c33b19fe8700d96f89edd348558499..5ea8d64ad6f72aea74a13e8d9801e03f127c269b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -92,6 +92,11 @@ gem 'font-awesome-rails'
 group :development do
   gem 'immigrant'
 
+  # static analysis tool for security vulnerabilities
+  gem 'brakeman', require: false
+
+  gem 'dawnscanner', require: false
+
   # evaluate source code
   gem 'rubycritic', require: false
 
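Review bot: The comment added above `gem 'brakeman'` describes only brakeman, while `gem 'dawnscanner'` two lines later is added with no explanation even though it serves the same purpose; one comment covering both would read `# static analysis tools for security vulnerabilities (brakeman, dawnscanner)`. The Gemfile.lock in this same commit adds `mimemagic` and `screencap` to its DEPENDENCIES section, which no Gemfile hunk here introduces, so the lock appears to have been regenerated against a Gemfile that differs from the one committed — worth confirming with a `bundle install` from a clean checkout before merging. Both gems are correctly placed in the `:development` group with `require: false`, which keeps dawnscanner's sizeable transitive set (data_mapper, sqlite3, do_sqlite3, ffi) out of production bundles, provided nothing outside this group requires them unconditionally.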
diff --git a/Gemfile.lock b/Gemfile.lock
index e36c1e4ae17145fb149ad4da3ace41226dbea435..85f255300c3cb460a49def2ff95c39f5c65ae34e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -48,6 +48,8 @@ GEM
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
     bcrypt (3.1.10)
+    bcrypt-ruby (3.1.5)
+      bcrypt (>= 3.1.3)
     best_in_place (3.1.0)
       actionpack (>= 3.2)
       railties (>= 3.2)
@@ -60,6 +62,16 @@ GEM
     bootstrap-sass (3.3.6)
       autoprefixer-rails (>= 5.2.1)
       sass (>= 3.3.4)
+    brakeman (3.2.1)
+      erubis (~> 2.6)
+      haml (>= 3.0, < 5.0)
+      highline (>= 1.6.20, < 2.0)
+      ruby2ruby (~> 2.3.0)
+      ruby_parser (~> 3.8.1)
+      safe_yaml (>= 1.0)
+      sass (~> 3.0)
+      slim (>= 1.3.6, < 4.0)
+      terminal-table (~> 1.4)
     builder (3.2.2)
     bullet (5.0.0)
       activesupport (>= 3.0.0)
@@ -88,7 +100,32 @@ GEM
     concurrent-ruby (1.0.1)
     connection_pool (2.2.0)
     curb (0.8.8)
+    cvss (0.99.0)
     dalli (2.7.6)
+    data_mapper (1.2.0)
+      dm-aggregates (~> 1.2.0)
+      dm-constraints (~> 1.2.0)
+      dm-core (~> 1.2.0)
+      dm-migrations (~> 1.2.0)
+      dm-serializer (~> 1.2.0)
+      dm-timestamps (~> 1.2.0)
+      dm-transactions (~> 1.2.0)
+      dm-types (~> 1.2.0)
+      dm-validations (~> 1.2.0)
+    data_objects (0.10.17)
+      addressable (~> 2.1)
+    dawnscanner (1.6.2)
+      cvss
+      data_mapper
+      dm-sqlite-adapter
+      haml
+      justify
+      logger-colors
+      ptools
+      ruby_parser
+      sqlite3
+      sys-uname
+      terminal-table
     debug_inspector (0.0.2)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
@@ -102,6 +139,42 @@ GEM
     devise_token_auth (0.1.37)
       devise (> 3.5.2, < 4.1)
       rails (< 6)
+    dm-aggregates (1.2.0)
+      dm-core (~> 1.2.0)
+    dm-constraints (1.2.0)
+      dm-core (~> 1.2.0)
+    dm-core (1.2.1)
+      addressable (~> 2.3)
+    dm-do-adapter (1.2.0)
+      data_objects (~> 0.10.6)
+      dm-core (~> 1.2.0)
+    dm-migrations (1.2.0)
+      dm-core (~> 1.2.0)
+    dm-serializer (1.2.2)
+      dm-core (~> 1.2.0)
+      fastercsv (~> 1.5)
+      json (~> 1.6)
+      json_pure (~> 1.6)
+      multi_json (~> 1.0)
+    dm-sqlite-adapter (1.2.0)
+      dm-do-adapter (~> 1.2.0)
+      do_sqlite3 (~> 0.10.6)
+    dm-timestamps (1.2.0)
+      dm-core (~> 1.2.0)
+    dm-transactions (1.2.0)
+      dm-core (~> 1.2.0)
+    dm-types (1.2.2)
+      bcrypt-ruby (~> 3.0)
+      dm-core (~> 1.2.0)
+      fastercsv (~> 1.5)
+      json (~> 1.6)
+      multi_json (~> 1.0)
+      stringex (~> 1.4)
+      uuidtools (~> 2.1)
+    dm-validations (1.2.0)
+      dm-core (~> 1.2.0)
+    do_sqlite3 (0.10.17)
+      data_objects (= 0.10.17)
     dspace_rest_client (2.2.5)
       activesupport (~> 4.2, >= 4.2.0)
       faraday (~> 0.9.2)
@@ -124,7 +197,9 @@ GEM
     fast_stack (0.1.0)
       rake
       rake-compiler
+    fastercsv (1.5.5)
     feature (1.3.0)
+    ffi (1.9.10)
     flamegraph (0.1.0)
       fast_stack
     flay (2.6.1)
@@ -140,7 +215,10 @@ GEM
       terminal-table
     globalid (0.3.6)
       activesupport (>= 4.1.0)
+    haml (4.0.7)
+      tilt
     hashie (3.4.3)
+    highline (1.7.8)
     httparty (0.13.7)
       json (~> 1.8)
       multi_xml (>= 0.5.2)
@@ -161,6 +239,8 @@ GEM
     jquery-ui-rails (5.0.5)
       railties (>= 3.2.16)
     json (1.8.3)
+    json_pure (1.8.3)
+    justify (1.0.2)
     jwt (1.5.1)
     kaminari (0.16.3)
       actionpack (>= 3.0.0)
@@ -170,6 +250,7 @@ GEM
     libarchive-static (1.0.5)
     libv8 (3.16.14.13)
     locastyle (0.0.3)
+    logger-colors (1.0.0)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
     mail (2.6.3)
@@ -226,7 +307,9 @@ GEM
     parser (2.3.0.6)
       ast (~> 2.2)
     pg (0.18.4)
+    phantomjs (2.1.1.0)
     private_attr (1.1.0)
+    ptools (1.3.3)
     puma (3.0.2)
     pundit (1.1.0)
       activesupport (>= 3.0.0)
@@ -282,6 +365,9 @@ GEM
     resumablejs-rails (1.1)
       railties (> 3.1, < 5)
     rmagick (2.15.4)
+    ruby2ruby (2.3.0)
+      ruby_parser (~> 3.1)
+      sexp_processor (~> 4.0)
     ruby_parser (3.8.1)
       sexp_processor (~> 4.1)
     rubycritic (2.7.1)
@@ -292,6 +378,7 @@ GEM
       parser (~> 2.3)
       reek (= 3.10.1)
       virtus (~> 1.0)
+    safe_yaml (1.0.4)
     sass (3.4.21)
     sass-rails (5.0.4)
       railties (>= 4.0.0, < 5.0)
@@ -299,6 +386,8 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
+    screencap (0.1.4)
+      phantomjs
     sdoc (0.4.1)
       json (~> 1.7, >= 1.7.7)
       rdoc (~> 4.0)
@@ -339,8 +428,12 @@ GEM
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
+    sqlite3 (1.3.11)
     stackprof (0.2.8)
     streamio-ffmpeg (1.0.0)
+    stringex (1.5.1)
+    sys-uname (1.0.2)
+      ffi (>= 1.0.0)
     temple (0.7.6)
     terminal-table (1.5.2)
     therubyracer (0.12.2)
@@ -357,6 +450,7 @@ GEM
       execjs (>= 0.3.0)
       json (>= 1.8.0)
     uniform_notifier (1.9.0)
+    uuidtools (2.1.5)
     virtus (1.0.5)
       axiom-types (~> 0.1)
       coercible (~> 1.0)
@@ -381,12 +475,14 @@ DEPENDENCIES
   best_in_place
   better_errors
   bootstrap-sass
+  brakeman
   bullet
   byebug
   chart-js-rails
   coffee-rails (~> 4.1.0)
   curb (~> 0.8.8)
   dalli
+  dawnscanner
   devise
   devise_token_auth
   dspace_rest_client
@@ -404,6 +500,7 @@ DEPENDENCIES
   libarchive-static
   locastyle
   meta-tags
+  mimemagic
   mina
   omniauth-facebook
   omniauth-google-oauth2
@@ -421,6 +518,7 @@ DEPENDENCIES
   rmagick
   rubycritic
   sass-rails (~> 5.0)
+  screencap
   sdoc (~> 0.4.0)
   searchkick
   select2-rails
diff --git a/Rakefile b/Rakefile
index ba6b733dd2358d858f00445ebd91c214f0f5d2e5..911ae4ce7adb13a616a86654adc0c83a789c0a3a 100644
--- a/Rakefile
+++ b/Rakefile
@@ -2,5 +2,6 @@
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
 require File.expand_path('../config/application', __FILE__)
+require 'dawn/tasks'
 
 Rails.application.load_tasks
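Review bot: `require 'dawn/tasks'` is added unconditionally, but dawnscanner is declared in the Gemfile's `:development` group with `require: false`, so any rake invocation in an environment where that group is not installed (e.g. a production deploy running `rake db:migrate` or `rake assets:precompile`) will raise LoadError before `Rails.application.load_tasks` runs. Gate the require on the environment, `require 'dawn/tasks' if Rails.env.development?`, or wrap it in a `begin … rescue LoadError` so the scanner's tasks are simply absent when the gem is. A short comment stating that the tasks are development-only would also help the next reader understand why the require is conditional.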