https://github.com/rubyonworld/ruby-audit
RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
- Host: GitHub
- URL: https://github.com/rubyonworld/ruby-audit
- Owner: RubyOnWorld
- License: other
- Created: 2022-09-27T15:33:36.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-09-28T01:08:53.000Z (over 3 years ago)
- Last Synced: 2025-05-19T20:32:30.736Z (about 1 year ago)
- Topics: audit, current, gem, rails, ruby
- Language: Ruby
- Homepage:
- Size: 44.9 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
README
# RubyAudit

RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version.
It complements [bundler-audit](https://github.com/rubysec/bundler-audit), providing complete coverage for your Ruby stack.
If you use Bundler, you should use both RubyAudit and bundler-audit.
RubyAudit is based on and leverages bundler-audit, and would not exist without the hard work of the [rubysec](https://github.com/rubysec) team, specifically bundler-audit and [ruby-advisory-db](https://github.com/rubysec/ruby-advisory-db).
"If I have seen further it is by standing on the shoulders of Giants." -- Isaac Newton
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'ruby_audit'
```
And then execute:
```bash
$ bundle
```
Or install it yourself as:
```bash
$ gem install ruby_audit
```
Because bundler-audit requires bundler, RubyAudit requires bundler as a transitive
dependency. If you don't intend to run RubyAudit in the production environment, you
may selectively install it in your development and test environments by using
[Bundler groups](https://bundler.io/guides/groups.html).
## Usage
To check your current version of Ruby and RubyGems:
```bash
$ ruby-audit check
```
You can ignore specific advisories by passing their IDs to `-i`:
```bash
$ ruby-audit check -i CVE-2015-7551
```
By default, RubyAudit will check for updates to the ruby-advisory-db when it runs.
If you are using RubyAudit offline, you can bypass this check by specifying `-n`:
```bash
$ ruby-audit check -n
```
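A wrapper around the `check` and `-i` invocations shown above, as an added example that is not part of the RubyAudit project: it keeps ignored advisories in a list with expiry dates, so a waiver lapses on its own instead of hiding a finding indefinitely. The list format, the function names and the placeholder ID `CVE-0000-0000` are assumptions of this example, as is passing several IDs after a single `-i`.

```bash
#!/bin/sh
# Ignore-list format (an assumption of this example, not a ruby-audit feature):
#   <advisory-id> <expiry YYYY-MM-DD>  # reason

# Constructed sample list. CVE-2015-7551 is the ID used in the README;
# CVE-0000-0000 is a placeholder, not a real advisory.
sample_ignores() {
  cat <<'EOF'
# id            expires     reason
CVE-2015-7551   2999-12-31  # constructed: waived until the next Ruby upgrade
CVE-0000-0000   2020-01-01  # constructed: waiver that has already lapsed
EOF
}

# active_ignores TODAY < list
# Prints, space separated, the IDs whose expiry is on or after TODAY.
# ISO dates order correctly as strings, so no date arithmetic is needed.
# Exits non-zero if an entry has a malformed expiry, so a typo fails the build.
active_ignores() {
  awk -v today="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    $2 !~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$/ {
      printf "bad expiry on line %d\n", NR > "/dev/stderr"; bad = 1; next
    }
    ($2 "") >= (today "") { ids = ids (ids ? " " : "") $1 }
    END { if (ids) print ids; exit bad }
  '
}

# run_audit LISTFILE
# Runs the check, ignoring only the advisories whose waiver is still valid.
# Assumption: -i accepts several IDs after one flag.
run_audit() {
  ids=$(active_ignores "$(date -u +%Y-%m-%d)" < "$1") || return 2
  if [ -n "$ids" ]; then
    # Word splitting of $ids is intended: one argument per advisory ID.
    ruby-audit check -i $ids
  else
    ruby-audit check
  fi
}
```

In CI, source the file and call `run_audit` with the path to the committed list; a lapsed or malformed entry then surfaces as a failed check.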
## Development
After checking out the repo, run `bin/setup` to install dependencies.
You'll also want to run `git submodule update --init` to populate the ruby-advisory-db
submodule used for testing. Then, run `rake spec` to run the tests.
You can also run `bin/console` for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run `bundle exec rake install`.
To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
## Contributing
See [CONTRIBUTING](CONTRIBUTING.md).
## License
RubyAudit is released under the [GNU General Public License version 3](LICENSE.md).