Skip to content

Check ruby version from lockfile for advisories#451

Open
eliotsykes wants to merge 1 commit into
rubysec:masterfrom
eliotsykes:audit-gemfile-ruby-version
Open

Check ruby version from lockfile for advisories#451
eliotsykes wants to merge 1 commit into
rubysec:masterfrom
eliotsykes:audit-gemfile-ruby-version

Conversation

@eliotsykes

Copy link
Copy Markdown
Contributor

Scans the ruby version in the lockfile and reports any corresponding advisories.

This should help projects already running bundler-audit become aware of new ruby security vulnerabilities and patches sooner.

@postmodern mentioned being open to checking the ruby version in Gemfile.lock sometime ago in #118

I'm open to checking the ruby version specified in the Gemfile.lock ... link.

If a scanned lockfile does not contain the RUBY VERSION metadata, then this ruby check is silently skipped.

Thanks in advance for any feedback.

@eliotsykes
eliotsykes force-pushed the audit-gemfile-ruby-version branch 2 times, most recently from 45a8fec to 4f79bf6 Compare July 16, 2026 16:36
@simi

simi commented Jul 19, 2026

Copy link
Copy Markdown
Contributor

What about the other formatters (junit, json)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants