HackDig : Dig high-quality web security articles for hackers

Bundler-Audit -> Auditing your RubyGems

2014-08-12 02:15

Ruby applications that use a Gemfile/Gemfile.lock (the files that list the ruby gems an application depends on, along with their respective version numbers) can now be audited to determine whether any of those libraries have known vulnerabilities.

Credit to postmodern for developing the auditing gem, and to RubySec for creating the ruby-advisory-db, a community-maintained database of Ruby gem vulnerabilities on top of which bundler-audit is built.

So, to install it:

gem install bundler-audit

To run it, navigate to the directory where the Gemfile.lock is stored and run:

bundle-audit check

If the application is using a vulnerable version of a gem, the output will look like...
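As an added example (not bundler-audit's or ruby-advisory-db's own code), the Ruby script below shows the core of what `bundle-audit check` does: it parses the locked gem versions out of a Gemfile.lock and flags any gem whose version satisfies none of an advisory's `patched_versions` requirements. The Gemfile.lock contents and the advisory entries (ids and version ranges) are constructed for illustration only; real advisories live in ruby-advisory-db.

```ruby
require 'rubygems'  # provides Gem::Version and Gem::Requirement
# Constructed sample Gemfile.lock; only the GEM/specs section is audited.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.5.6)
      rack (1.4.5)
      rails (3.2.12)
        rack (~> 1.4.5)
  PLATFORMS
    ruby
LOCK
# Constructed advisories in the shape ruby-advisory-db uses: gem name, an id,
# and the version requirements that contain the fix (placeholders, not real).
ADVISORIES = [
  { gem: 'rack',     id: 'EXAMPLE-RACK-1',     patched_versions: ['~> 1.4.6', '>= 1.5.2'] },
  { gem: 'rails',    id: 'EXAMPLE-RAILS-1',    patched_versions: ['~> 3.2.13', '>= 4.0.0'] },
  { gem: 'nokogiri', id: 'EXAMPLE-NOKOGIRI-1', patched_versions: ['>= 1.5.6'] },
]
# Parse the specs block into { name => Gem::Version }. Only lines indented exactly
# four spaces are locked gems; deeper lines are dependency requirements, not pins.
def locked_gems(lock_text)
  gems, in_specs = {}, false
  lock_text.each_line do |line|
    if line =~ /^\s+specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/  # a new top-level section (PLATFORMS, ...)
    gems[$1] = Gem::Version.new($2) if in_specs && line =~ /^ {4}(\S+) \(([^)]+)\)\s*$/
  end
  gems
end
# A locked version is vulnerable when it satisfies none of the patched ranges.
def vulnerable?(version, patched_versions)
  patched_versions.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end
# Returns [[name, version, advisory_id], ...] for every unpatched locked gem.
def audit(lock_text, advisories = ADVISORIES)
  gems = locked_gems(lock_text)
  advisories.each_with_object([]) do |adv, findings|
    version = gems[adv[:gem]]
    findings << [adv[:gem], version.to_s, adv[:id]] if version && vulnerable?(version, adv[:patched_versions])
  end
end

audit(SAMPLE_LOCK).each { |name, ver, id| puts "Name: #{name}\nVersion: #{ver}\nAdvisory: #{id}\n" }
```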


Ken (@cktricky)

Source: carnal0wnage.attackresearch.com/2013/04/bundler-audit-auditing-your-rubygems.html

