Security Vulnerabilities

Ruby-advisory-db

The Ruby Advisory Database is “a community effort to compile all security advisories that are relevant to Ruby libraries”. The creators of the database also created bundler-audit as a way to check your Gemfile.lock files against the database.

Bundler-audit

A Ruby gem that offers patch-level verification for Bundler and helps you find security vulnerabilities in your Ruby dependencies. It checks for vulnerable versions of gems in Gemfile.lock and checks for insecure gem sources (http://).
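The two checks described above (vulnerable locked versions and http:// gem sources), sketched as an added example; this is not bundler-audit's own code. The lockfile, the advisory records, their placeholder ids and all method names are constructed for illustration, with patched versions written as RubyGems requirement strings.

```ruby
require "rubygems"

# Constructed Gemfile.lock content (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: http://rubygems.org/
    specs:
      examplegem (1.2.3)
        otherdep (>= 0.1)
      otherdep (0.4.0)
      safegem (2.0.1)

  DEPENDENCIES
    examplegem
    safegem
LOCK

# Constructed advisories; the ids are placeholders, not real CVEs.
SAMPLE_ADVISORIES = [
  { id: "EXAMPLE-0001", gem: "examplegem", patched_versions: ["~> 1.2.5", ">= 1.3.0"] },
  { id: "EXAMPLE-0002", gem: "safegem", patched_versions: [">= 2.0.0"] }
].freeze

# Gem sources fetched over plaintext http:// can be tampered with in transit.
def insecure_sources(lock)
  lock.scan(/^\s*remote:\s*(\S+)/).flatten.select { |url| url.start_with?("http://") }
end

# Locked specs are indented exactly four spaces ("    name (version)");
# deeper-indented lines are dependency constraints and are skipped.
def locked_gems(lock)
  lock.scan(/^ {4}([\w.-]+) \(([^)\s]+)\)$/).to_h do |name, v|
    [name, Gem::Version.new(v.split("-").first)] # drop any platform suffix
  end
end

# A locked gem is reported when no patched_versions requirement accepts it.
def vulnerable_gems(lock, advisories)
  gems = locked_gems(lock)
  advisories.filter_map do |adv|
    version = gems[adv[:gem]]
    next unless version
    patched = adv[:patched_versions].any? do |req|
      Gem::Requirement.new(*req.split(",").map(&:strip)).satisfied_by?(version)
    end
    { id: adv[:id], gem: adv[:gem], version: version.to_s } unless patched
  end
end

p insecure_sources(SAMPLE_LOCK), vulnerable_gems(SAMPLE_LOCK, SAMPLE_ADVISORIES) if __FILE__ == $PROGRAM_NAME
```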

At Ombu Labs, we wanted to harness the power of bundler-audit and make it possible to audit your Gemfile via a single page application, without any installation at all. That’s why we created Audit Tool.

Gemfile.lock Audit Tool

Audit Tool is a tool created to allow users to check their Gemfile.lock for vulnerabilities in a quick and secure manner.

The tool uses the bundler-audit gem to check for vulnerable versions of gems and insecure gem sources. The tool updates automatically with new warnings as the bundler-audit gem database of vulnerabilities is updated.

Thanks to this tool, you can now easily audit your Gemfile.lock without installing any gems or editing your code.
