bundler-audit is a small utility which can check your Gemfile's contents against the Ruby Advisory Database. You can simply run it via bundle audit and it will report insecure gem sources as well as library versions that have known vulnerabilities:

$ bundle audit
Insecure Source URI found: git://github.com/compass/compass-rails.git
Insecure Source URI found: git://github.com/sinatra/sinatra.git
Name: nokogiri
Version: 1.8.2
Advisory: CVE-2018-8048
Criticality: Unknown
URL: https://github.co...
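To make the two checks above concrete, here is an added example (not bundler-audit's own code) of a minimal checker in the same spirit: it reads a constructed Gemfile.lock excerpt, flags remotes that are not served over https or ssh, and compares locked versions against a constructed advisory list using RubyGems requirement semantics. The advisory records, the example gem and the patched-version ranges are assumptions for illustration, not data from the Ruby Advisory Database.

```ruby
require "rubygems"

# Constructed Gemfile.lock excerpt (sample input, not a real project's lockfile).
LOCKFILE = <<~LOCK
  GIT
    remote: git://github.com/example/widget.git
    revision: 0123abc
    specs:
      widget (0.1.0)

  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.8.2)
      rack (2.0.6)
LOCK

# Constructed advisory records shaped like Ruby Advisory Database entries.
# The CVE id for nokogiri is the one shown in the page's output; its patched
# range is assumed. The rack entry is entirely a placeholder.
ADVISORIES = [
  { gem: "nokogiri", id: "CVE-2018-8048",     patched: [">= 1.8.3"] },
  { gem: "rack",     id: "CVE-EXAMPLE-0001",  patched: ["~> 1.6.11", ">= 2.0.7"] },
]

# Only transports that authenticate the server are treated as safe; plain
# git:// and http:// can be tampered with in transit.
SAFE_SCHEMES = %w[https ssh].freeze

# Returns every "remote:" URI in the lockfile that uses an insecure transport.
def insecure_sources(lock)
  lock.scan(/^\s*remote:\s*(\S+)/).flatten.reject do |uri|
    SAFE_SCHEMES.include?(uri.split("://", 2).first)
  end
end

# Parses "name (x.y.z)" spec lines into a { name => version } hash.
def locked_gems(lock)
  lock.scan(/^\s+([\w\-]+) \(([\d.]+)\)\s*$/).to_h
end

# Returns advisories whose patched-version requirements are all unmet by the
# locked version, i.e. the installed gem is still in a vulnerable range.
def vulnerable_gems(lock)
  gems = locked_gems(lock)
  ADVISORIES.select do |adv|
    next false unless (version = gems[adv[:gem]])
    v = Gem::Version.new(version)
    adv[:patched].none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
  end.map { |adv| adv.merge(version: gems[adv[:gem]]) }
end

# Builds report lines in the same shape as the bundle audit output above.
def report(lock)
  lines = insecure_sources(lock).map { |u| "Insecure Source URI found: #{u}" }
  vulnerable_gems(lock).each do |adv|
    lines << "Name: #{adv[:gem]} Version: #{adv[:version]} Advisory: #{adv[:id]}"
  end
  lines
end

puts report(LOCKFILE)
```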