Squashing Security Bugs with Rubocop

Explore how to leverage Rubocop for detecting and preventing security vulnerabilities in Ruby code in this 27-minute conference talk from RubyConf 2021. Discover the process of using Abstract Syntax Trees and Node Patterns to identify security antipatterns, with a focus on Rails applications. Learn to create custom Rubocop cops for automated security checks, prioritize developer experience, and effectively manage offenses. Gain insights into Betterment's approach to integrating security practices into their development workflow, and understand how to implement similar strategies to enhance code quality and security in your own Ruby projects.

Introduction
What is State Analysis? ?
Abstract Syntax Trees
Node Pattern and def_node_matcher
Breaking it Down
What are security antipatterns?
A Rails Antipattern
Let's Build a Cop
Developer Experience?
Prioritizing Developer Experience
Dealing with Offenses
Keeping it Simple