RubyAudit checks your current version of Ruby and RubyGems against known security vulnerabilities (CVEs), alerting you if you are using an insecure version. It complements bundler-audit, providing complete coverage for your Ruby stack. If you use Bundler, you should use both RubyAudit and bundler-audit.

RubyAudit is based on and leverages bundler-audit, and would not exist without the hard work of the rubysec team, specifically bundler-audit and ruby-advisory-db.

"If I have seen further it is by standing on the shoulders of Giants." -- Isaac Newton

Add this line to your application's Gemfile:

gem 'ruby_audit'

And then execute:

$ bundle

Or install it yourself as:

$ gem install ruby_audit

To check your current version of Ruby and RubyGems:

$ ruby-audit check

You can ignore specific advisories by specifying -i <advisory>:

$ ruby-audit check -i CVE-2015-7551

By default, RubyAudit will check for updates to the ruby-advisory-db when it runs. If you are using RubyAudit offline, you can bypass this check by specifying -n:

$ ruby-audit check -n

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

See CONTRIBUTING.

RubyAudit is released under the GNU General Public License version 3.