Bundler Audit
bundler-audit
I picked up many welcome tips at RailsConf 2014. One was bundler-audit. I hadn’t heard of the gem before but took a look and found it extremely useful. I look forward to using this on all projects.
When run, bundler-audit reads the contents of your Gemfile.lock and prints a list of any gems with security vulnerabilities. For each one it gives a bit of information about the vulnerability, notes how critical the patch is, and tells you which patch levels to update to.
To install:
gem install bundler-audit
To run:
bundle audit
Then it’s just a matter of reading through the output and proceeding to update any gems based on the recommendations it provides.
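To make the Gemfile.lock check described above concrete, here is an added example (not code from bundler-audit or from the original post) that models it in plain Ruby: it pulls the resolved gem versions out of a lockfile and flags any that no patched version range covers. The lockfile, gem names, advisory ids and patched_versions lists are constructed for illustration, and the lockfile parsing is simplified.

```ruby
# Added example: a simplified model of a lockfile audit, not bundler-audit's code.
# Gem::Version and Gem::Requirement ship with RubyGems, so nothing is installed.

# Constructed Gemfile.lock contents (gem names and versions are made up).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.3)
        helpergem (~> 2.0)
      helpergem (2.0.1)
      safegem (4.1.0)

  DEPENDENCIES
    examplegem
    safegem
LOCK

# Constructed advisories; ids are placeholders, not real identifiers.
ADVISORIES = [
  { gem: "examplegem", id: "EXAMPLE-ADVISORY-1", criticality: "high",
    patched_versions: ["~> 1.2.5", ">= 1.3.0"] },
  { gem: "helpergem", id: "EXAMPLE-ADVISORY-2", criticality: "medium",
    patched_versions: [">= 2.0.0"] }
].freeze

# Resolved gems sit at exactly four spaces of indent; their dependencies at six.
def locked_gems(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([^)\s]+)\)$/).to_h do |name, version|
    [name, Gem::Version.new(version.split("-").first)] # drop any platform suffix
  end
end

# A locked version is vulnerable when no patched_versions requirement matches it.
def vulnerable?(version, advisory)
  advisory[:patched_versions].none? do |req|
    Gem::Requirement.new(*req.split(",").map(&:strip)).satisfied_by?(version)
  end
end

# Return the advisories that apply to the lockfile, with the locked version added.
def audit(lockfile, advisories = ADVISORIES)
  gems = locked_gems(lockfile)
  advisories.select { |adv| gems[adv[:gem]] && vulnerable?(gems[adv[:gem]], adv) }
            .map { |adv| adv.merge(locked: gems[adv[:gem]].to_s) }
end

audit(SAMPLE_LOCKFILE).each do |f|
  puts "#{f[:gem]} #{f[:locked]}: #{f[:id]} (#{f[:criticality]}); " \
       "patched in #{f[:patched_versions].join(' or ')}"
end
```

Only examplegem is reported: helpergem's locked version already satisfies its patched range, and safegem has no advisory.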
https://github.com/rubysec/bundler-audit