Gemsurance is a tool for monitoring if any of your Ruby Gems are out-of-date or vulnerable. It uses Bundler and the Ruby Advisory Database to do so. It's similar to bundler-audit, but outputs an HTML report and determines which gems are out-of-date as well.
To install Gemsurance, add
gem 'gemsurance'
to your Gemfile and run bundle install.
Use gemsurance by running
bundle exec gemsurance [options]
from the directory containing the Gemfile whose gems you wish to check.
This will output an HTML file (named gemsurance_report.html by default) in the current directory containing a report of your gem status: which gems are out-of-date and which gems have reported vulnerabilities in the Ruby Advisory Database. The Ruby Advisory Database git repo will be checked out into tmp/vulnerabilities relative to the working directory.
Gems that are up-to-date are colored green and gems that are out-of-date but without reported vulnerabilities are colored yellow. Vulnerable gems are colored red, and information about the vulnerability and versions with a patch for the issue is displayed in the rightmost column.
Gemsurance exits with code 0 if there are no gems with reported vulnerabilities and code 1 if there are any such gems.
Running the gemsurance check as part of your RSpec test suite will cause an RSpec failure whenever a gem with a known vulnerability is detected in your application. This is incredibly useful if your application is tested regularly by a CI build. You can set this up by adding sample_spec/gemsurance_spec.rb to your RSpec tests.
Command-line options to the gemsurance executable are as follows:
- --pre: Consider pre-release gem versions
- --output FILE: Output report to specified file
- --format FORMAT: Output report to specified format (html & yml available). Html by default.
- Add CSV formatter
- Support Git versions of gems
Contributions are always welcome. Please fork the repo and create a pull request or create an issue.
Thanks to Bundler and the Ruby Advisory Database, upon which Gemsurance is based.
MIT License.