{"id":15725432,"url":"https://github.com/leklund/bauditor","last_synced_at":"2025-07-07T02:02:06.024Z","repository":{"id":59150994,"uuid":"80055394","full_name":"leklund/bauditor","owner":"leklund","description":"run bundler-audit on multiple repositories at once","archived":false,"fork":false,"pushed_at":"2017-08-24T15:28:27.000Z","size":14,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-01T06:34:00.351Z","etag":null,"topics":["bundler-audit","ruby","rubygems","security"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/leklund.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-25T20:36:03.000Z","updated_at":"2022-08-05T21:03:55.000Z","dependencies_parsed_at":"2022-09-13T11:00:50.274Z","dependency_job_id":null,"html_url":"https://github.com/leklund/bauditor","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leklund%2Fbauditor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leklund%2Fbauditor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leklund%2Fbauditor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leklund%2Fbauditor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/leklund","download_url":"https://codeload.github.com/leklund/bauditor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249360543,"owners_count":21257272,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bundler-audit","ruby","rubygems","security"],"created_at":"2024-10-03T22:20:57.050Z","updated_at":"2025-04-20T23:30:40.218Z","avatar_url":"https://github.com/leklund.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bauditor\n\nRun [bundler-audit](https://github.com/rubysec/bundler-audit) on multiple repositories at once.\n\nIf you manage many Ruby applications, it can be a hassle to keep them all up to date and audited. This gem helps by running bundle-audit on many repositories at once. It will do the following:\n\n* create a directory in `/tmp/bauditor` or in the `--repo-path`\n* fetch each listed repo with `git clone repo --branch master --single-branch`\n* if a `Gemfile.lock` is not present, run `bundle lock` in an attempt to generate a lockfile\n* run `bundle-audit` on the repository's `Gemfile.lock` and print the output\n* print a summary report\n* if the `--no-persist` option is passed, `rm -rf #{repo_path}`\n\nBy default it persists the repositories after each run, so it only has to do a `git pull origin master` if a repository has already been cloned.\n\n## Installation\n\n```\n$ gem install bauditor\n```\n\n## Usage\n\n```\n$ bauditor help audit\n\nUsage:\n  bauditor audit\n\nOptions:\n      [--repo-path=REPO_PATH]      # Path to directory where fetched repositories will be stored\n      [--persist], [--no-persist]  # Persist repositories, or not.\n                                   # Default: true\n  r, [--repos=one two three]       # Space seperate list of repositories\n  c, [--config=CONFIG]             # Path to file containing repositories one per line.\n\nrun bundle-audit on multiple repositories\n```\n\nRepositories must be given in a form that can be passed to `git clone`. Currently this only works on the master branch.\n\n`audit` is the only command and is the default, so `bauditor` can be invoked without a command.\n\n### Example\n\n```\n$ cat config\n\ngit@github.com:leklund/chopped_ingredients.git\ngit@github.com:leklund/bitbucket-irc-notification.git\n\n$ bauditor -c=config -r=git@github.com:wistia/nsq-ruby.git\n  OR\n$ bauditor audit -c=config -r=git@github.com:wistia/nsq-ruby.git\n\n[BAUDITOR] Updating the bundle-audit database\nUpdating ruby-advisory-db ...\nFrom https://github.com/rubysec/ruby-advisory-db\n * branch            master     -\u003e FETCH_HEAD\nAlready up-to-date.\nUpdated ruby-advisory-db\nruby-advisory-db: 273 advisories\n---------------------------------------------------\n[BAUDITOR] fetching and auditing nsq-ruby\n---------------------------------------------------\nInsecure Source URI found: http://rubygems.org/\nVulnerabilities found!\n---------------------------------------------------\n[BAUDITOR] fetching and auditing chopped_ingredients\n---------------------------------------------------\nNo vulnerabilities found\n---------------------------------------------------\n[BAUDITOR] fetching and auditing bitbucket-irc-notification\n---------------------------------------------------\nName: rack\nVersion: 1.5.2\nAdvisory: CVE-2015-3225\nCriticality: Unknown\nURL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc\nTitle: Potential Denial of Service Vulnerability in Rack\nSolution: upgrade to \u003e= 1.6.2, ~\u003e 1.5.4, ~\u003e 1.4.6\n\nName: rest-client\nVersion: 1.6.7\nAdvisory: CVE-2015-1820\nCriticality: Unknown\nURL: https://github.com/rest-client/rest-client/issues/369\nTitle: rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses\nSolution: upgrade to \u003e= 1.8.0\n\nName: rest-client\nVersion: 1.6.7\nAdvisory: CVE-2015-3448\nCriticality: Unknown\nURL: http://www.osvdb.org/show/osvdb/117461\nTitle: Rest-Client Gem for Ruby logs password information in plaintext\nSolution: upgrade to \u003e= 1.7.3\n\nVulnerabilities found!\n---------------------------------------------------\n[BAUDITOR] summary report:\n____________________________________________\n| Repo                       | Vulnerable? |\n--------------------------------------------\n| nsq-ruby                   |    YES      |\n| chopped_ingredients        |    No       |\n| bitbucket-irc-notification |    YES      |\n--------------------------------------------\n\n```\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/leklund/bauditor. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.\n\n## License\n\nCopyright (c) 2017 Lukas Eklund\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleklund%2Fbauditor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fleklund%2Fbauditor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleklund%2Fbauditor/lists"}