Security Vulnerabilities

Ruby-advisory-db

The Ruby Advisory Database is “a community effort to compile all security advisories that are relevant to Ruby libraries”. The creators of the database also created bundler-audit as a way to check your Gemfile.lock files against the database.

Bundler-audit

bundler-audit is a Ruby gem that offers patch-level verification for Bundler and helps you find security vulnerabilities in your Ruby dependencies. It checks Gemfile.lock for vulnerable versions of gems and for insecure gem sources (http://).

At Ombu Labs, we wanted to harness the power of bundler-audit and make it possible to audit your Gemfile via a single page application, without any installation at all. That’s why we created Audit Tool.

Gemfile.lock Audit Tool

Audit Tool is a tool created to allow users to check their Gemfile.lock for vulnerabilities in a quick and secure manner.

The tool uses the bundler-audit gem to check for vulnerable versions of gems and insecure gem sources. The tool updates automatically with new warnings as the bundler-audit gem database of vulnerabilities is updated.
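The two checks described above (vulnerable gem versions and insecure http:// sources) can be sketched in a few lines of Ruby. This is an added example, not code from bundler-audit or Audit Tool: the lockfile, gem names and advisory ids are constructed, the advisory hashes assume the `patched_versions` and `unaffected_versions` fields used in ruby-advisory-db entries, and the lockfile parsing is simplified.

```ruby
# Constructed sample lockfile (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: http://rubygems.org/
    specs:
      examplegem (1.2.3)
        helpergem (>= 0.1)
      helpergem (0.9.0)
      safegem (2.0.1)

  DEPENDENCIES
    examplegem
    safegem
LOCK

# Constructed advisories; the ids are placeholders, not real advisory ids.
ADVISORIES = [
  { gem: "examplegem", id: "PLACEHOLDER-0001",
    patched_versions: ["~> 1.2.5", ">= 1.3.0"], unaffected_versions: ["< 1.0.0"] },
  { gem: "safegem", id: "PLACEHOLDER-0002",
    patched_versions: [">= 2.0.0"], unaffected_versions: [] }
].freeze

# Simplified parser: resolved gems are the lines indented exactly four spaces
# ("    name (version)"); deeper-indented lines are dependency constraints.
def parse_lockfile(text)
  sources = text.scan(/^ {2}remote: *(\S+)/).flatten
  gems = text.scan(/^ {4}(\S+) \((\d[^\s)-]*)[^)]*\)$/).to_h
  [sources, gems]
end

# A version is vulnerable unless a patched or unaffected requirement matches it.
def vulnerable?(advisory, version)
  v = Gem::Version.new(version)
  hit = ->(reqs) { reqs.any? { |r| Gem::Requirement.new(*r.split(",").map(&:strip)).satisfied_by?(v) } }
  !hit.(advisory[:patched_versions]) && !hit.(advisory[:unaffected_versions])
end

def audit(text, advisories)
  sources, gems = parse_lockfile(text)
  findings = sources.select { |s| s.start_with?("http://") }
                    .map { |s| { type: :insecure_source, source: s } }
  advisories.each do |adv|
    version = gems[adv[:gem]]
    next unless version && vulnerable?(adv, version)
    findings << { type: :vulnerable_gem, gem: adv[:gem], version: version, id: adv[:id] }
  end
  findings
end

audit(SAMPLE_LOCKFILE, ADVISORIES).each { |finding| puts finding.inspect }
```

On the sample input this reports the plain-HTTP source and `examplegem 1.2.3`, while `safegem 2.0.1` passes because it satisfies a patched requirement.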

Thanks to this tool, you can now easily audit your Gemfile.lock without installing any gems or editing your code.