{"id":20847501,"url":"https://github.com/paketo-buildpacks/ruby","last_synced_at":"2026-04-17T07:02:52.685Z","repository":{"id":37072651,"uuid":"263127856","full_name":"paketo-buildpacks/ruby","owner":"paketo-buildpacks","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-13T18:03:39.000Z","size":1220,"stargazers_count":20,"open_issues_count":10,"forks_count":10,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-13T20:05:34.238Z","etag":null,"topics":["cnb","ruby"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paketo-buildpacks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-11T18:43:40.000Z","updated_at":"2026-04-13T18:03:42.000Z","dependencies_parsed_at":"2024-01-05T21:23:50.396Z","dependency_job_id":"b5381ba9-da8f-4834-a58e-79f1701bbadb","html_url":"https://github.com/paketo-buildpacks/ruby","commit_stats":{"total_commits":953,"total_committers":20,"mean_commits":47.65,"dds":"0.35886673662119617","last_synced_commit":"ed48edf5be4fd8c8e46ea564608d582a62fd82c0"},"previous_names":["paketo-community/ruby"],"tags_count":129,"template":false,"template_full_name":null,"purl":"pkg:github/paketo-buildpacks/ruby","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fruby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fruby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fruby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paketo-buildpacks","download_url":"https://codeload.github.com/paketo-buildpacks/ruby/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paketo-buildpacks%2Fruby/sbom","scorecard":{"id":718074,"data":{"date":"2025-08-11","repo":{"name":"github.com/paketo-buildpacks/ruby","commit":"a3ebbe74f71a03893a7a92e89128efe582acbc1d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.1,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/approve-bot-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/create-draft-release.yml:1","Warn: no topLevel permission defined: .github/workflows/label-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/lint-yaml.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/publish-releases.yml:1","Warn: no topLevel permission defined: .github/workflows/push-buildpackage.yml:1","Warn: no topLevel permission defined: .github/workflows/synchronize-labels.yml:1","Warn: no topLevel permission defined: .github/workflows/test-pull-request.yml:1","Warn: no topLevel permission defined: .github/workflows/update-buildpack-toml.yml:1","Warn: no topLevel permission defined: .github/workflows/update-github-config.yml:1","Warn: no topLevel permission defined: .github/workflows/update-go-mod-version.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/approve-bot-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/approve-bot-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/approve-bot-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/approve-bot-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/approve-bot-pr.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/approve-bot-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-draft-release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/create-draft-release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/label-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-pr.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/label-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/lint-yaml.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/lint-yaml.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-yaml.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/lint-yaml.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-releases.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/publish-releases.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-releases.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/publish-releases.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/push-buildpackage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/push-buildpackage.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/push-buildpackage.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/push-buildpackage.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/synchronize-labels.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/synchronize-labels.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/synchronize-labels.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/synchronize-labels.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-pull-request.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/test-pull-request.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-buildpack-toml.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-buildpack-toml.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-github-config.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-github-config.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-go-mod-version.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/paketo-buildpacks/ruby/update-go-mod-version.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/lint-yaml.yml:28","Info:   0 out of  20 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  37 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.47.6 not signed: https://api.github.com/repos/paketo-buildpacks/ruby/releases/181110011","Warn: release artifact v0.47.5 not signed: https://api.github.com/repos/paketo-buildpacks/ruby/releases/176202235","Warn: release artifact v0.47.4 not signed: https://api.github.com/repos/paketo-buildpacks/ruby/releases/174588672","Warn: release artifact v0.47.3 not signed: https://api.github.com/repos/paketo-buildpacks/ruby/releases/168916483","Warn: release artifact v0.47.2 not signed: https://api.github.com/repos/paketo-buildpacks/ruby/releases/168509836","Warn: release artifact v0.47.6 does not have provenance: https://api.github.com/repos/paketo-buildpacks/ruby/releases/181110011","Warn: release artifact v0.47.5 does not have provenance: https://api.github.com/repos/paketo-buildpacks/ruby/releases/176202235","Warn: release artifact v0.47.4 does not have provenance: https://api.github.com/repos/paketo-buildpacks/ruby/releases/174588672","Warn: release artifact v0.47.3 does not have provenance: https://api.github.com/repos/paketo-buildpacks/ruby/releases/168916483","Warn: release artifact v0.47.2 does not have provenance: https://api.github.com/repos/paketo-buildpacks/ruby/releases/168509836"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/paketo-buildpacks/.github/SECURITY.md:1","Info: Found linked content: github.com/paketo-buildpacks/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/paketo-buildpacks/.github/SECURITY.md:1","Info: Found text in security policy: github.com/paketo-buildpacks/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"94 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GHSA-68xg-gqqm-vgj8","Warn: Project is vulnerable to: GHSA-9hf4-67fc-4vf4","Warn: Project is vulnerable to: GHSA-c2f4-cvqm-65w2","Warn: Project is vulnerable to: GHSA-22f2-v57c-j9cx","Warn: Project is vulnerable to: GHSA-3h57-hmj3-gj3p","Warn: Project is vulnerable to: GHSA-54rr-7fvw-6x8f","Warn: Project is vulnerable to: GHSA-65f5-mfpf-vfhj","Warn: Project is vulnerable to: GHSA-7g2v-jj9q-g3rg","Warn: Project is vulnerable to: GHSA-7wqh-767x-r66v","Warn: Project is vulnerable to: GHSA-8cgq-6mh2-7j6v","Warn: Project is vulnerable to: GHSA-93pm-5p5f-3ghx","Warn: Project is vulnerable to: GHSA-c6qg-cjj8-47qp","Warn: Project is vulnerable to: GHSA-gjh7-p2fx-99vx","Warn: Project is vulnerable to: GHSA-rqv2-275x-2jq5","Warn: Project is vulnerable to: GHSA-vpfw-47h7-xj4g","Warn: Project is vulnerable to: GHSA-xj5v-6v4g-jfw6","Warn: Project is vulnerable to: GHSA-2x8x-jmrp-phxw","Warn: Project is vulnerable to: GHSA-hxx2-7vcw-mqr3","Warn: Project is vulnerable to: GHSA-h47h-mwp9-c6q6","Warn: Project is vulnerable to: GHSA-4g8v-vg43-wpgf","Warn: Project is vulnerable to: GHSA-8xww-x3g3-6jcv","Warn: Project is vulnerable to: GHSA-fwhr-88qx-h9g7","Warn: Project is vulnerable to: GHSA-p84v-45xj-wwqj","Warn: Project is vulnerable to: GHSA-vfg9-r3fq-jvx4","Warn: Project is vulnerable to: GHSA-vfm5-rmrh-j26v","Warn: Project is vulnerable to: GHSA-x76w-6vjr-8xgj","Warn: Project is vulnerable to: GHSA-wwhv-wxv9-rpgw","Warn: Project is vulnerable to: GHSA-xp5h-f8jf-rc8q","Warn: Project is vulnerable to: GHSA-579w-22j4-4749","Warn: Project is vulnerable to: GHSA-76r7-hhxj-r776","Warn: Project is vulnerable to: GHSA-hq7p-j377-6v63","Warn: Project is vulnerable to: GHSA-8h22-8cf7-hq6g","Warn: Project is vulnerable to: GHSA-r4mg-4433-c7g3","Warn: Project is vulnerable to: GHSA-cr5q-6q9f-rq6q","Warn: Project is vulnerable to: GHSA-j6gc-792m-qgm2","Warn: Project is vulnerable to: GHSA-pj73-v5mw-pm9j","Warn: Project is vulnerable to: GHSA-23c2-gwp5-pxw9","Warn: Project is vulnerable to: GHSA-228g-948r-83gx","Warn: Project is vulnerable to: GHSA-3x8r-x6xp-q4vm","Warn: Project is vulnerable to: GHSA-486f-hjj9-9vhh","Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-5w6v-399v-w3cc","Warn: Project is vulnerable to: GHSA-mrxw-mxhj-p664","Warn: Project is vulnerable to: GHSA-pxvg-2qj5-37jq","Warn: Project is vulnerable to: GHSA-qv4q-mr5r-qprj","Warn: Project is vulnerable to: GHSA-r95h-9x8f-r3f7","Warn: Project is vulnerable to: GHSA-vvfq-8hwr-qm4m","Warn: Project is vulnerable to: GHSA-xc9x-jj77-9p9j","Warn: Project is vulnerable to: GHSA-5x79-w82f-gw8w","Warn: Project is vulnerable to: GHSA-9h9g-93gc-623h","Warn: Project is vulnerable to: GHSA-mcvf-2q2m-x72m","Warn: Project is vulnerable to: GHSA-rrfc-7g8p-99q8","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc","Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T10:19:40.799Z","repository_id":37072651,"created_at":"2025-08-22T10:19:40.799Z","updated_at":"2025-08-22T10:19:40.799Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31918838,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-16T18:22:33.417Z","status":"online","status_checked_at":"2026-04-17T02:00:06.879Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cnb","ruby"],"created_at":"2024-11-18T02:21:23.872Z","updated_at":"2026-04-17T07:02:52.227Z","avatar_url":"https://github.com/paketo-buildpacks.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ruby Paketo Buildpack\n\n## `gcr.io/paketo-buildpacks/ruby`\n\nThe Ruby Paketo Buildpack provides a set of collaborating buildpacks that\nenable the building of a Ruby-based application. These buildpacks include:\n- [Bundle Install](https://github.com/paketo-buildpacks/bundle-install)\n- [Bundler](https://github.com/paketo-buildpacks/bundler)\n- [MRI](https://github.com/paketo-buildpacks/mri)\n- [Node Engine](https://github.com/paketo-buildpacks/node-engine)\n- [Passenger](https://github.com/paketo-buildpacks/passenger)\n- [Puma](https://github.com/paketo-buildpacks/puma)\n- [Rackup](https://github.com/paketo-buildpacks/rackup)\n- [Rails Assets](https://github.com/paketo-buildpacks/rails-assets)\n- [Rake](https://github.com/paketo-buildpacks/rake)\n- [Thin](https://github.com/paketo-buildpacks/thin)\n- [Unicorn](https://github.com/paketo-buildpacks/unicorn)\n- [Yarn Install](https://github.com/paketo-buildpacks/yarn-install)\n- [Yarn](https://github.com/paketo-buildpacks/yarn)\n\nThe buildpack supports building simple Ruby applications or applications which\nutilize [Bundler](https://bundler.io/) for managing their dependencies. Usage\nexamples can be found in the\n[`samples` repository under the `ruby` directory](https://github.com/paketo-buildpacks/samples/tree/main/ruby).\n\n#### The Ruby buildpack is compatible with the following builder(s):\n- [Paketo Jammy Full Builder](https://github.com/paketo-buildpacks/builder-jammy-full)\n- [Paketo Jammy Base Builder](https://github.com/paketo-buildpacks/builder-jammy-base)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaketo-buildpacks%2Fruby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaketo-buildpacks%2Fruby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaketo-buildpacks%2Fruby/lists"}