bundler-audit
bundler-audit (https://github.com/rubysec/bundler-audit) is a patch-level verification tool for Bundler. It checks for vulnerable versions of gems in Gemfile.lock and for insecure gem sources.
Enabling bundler-audit
To enable bundler-audit for your repository, make sure that Gemfile and Gemfile.lock are in your repository, then add the following lines to your configuration:
build:
    nodes:
        analysis:
            tests:
                override:
                    - bundle-audit-run
bundle-audit-run is a built-in wrapper for bundler-audit which runs the check.
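To make concrete what the two checks above look for, here is an added Ruby example; it is not bundler-audit's own code and does not use the real rubysec advisory database. It scans a constructed Gemfile.lock for sources that are not served over HTTPS, and compares each locked gem version against a constructed advisory table whose patched_versions ranges mirror the shape of ruby-advisory-db entries (the advisory IDs are placeholders, not real CVEs).

```ruby
require "rubygems"

# Constructed sample Gemfile.lock (not a real project's lockfile).
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: git://github.com/example/somegem.git
    revision: 0123456789abcdef0123456789abcdef01234567
    specs:
      somegem (1.0.0)

  GEM
    remote: http://rubygems.org/
    remote: https://rubygems.org/
    specs:
      rack (1.6.0)
      rails (5.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    rails
    somegem!
LOCK

# Constructed advisory table: gem name => advisories with the version ranges
# that contain the fix. IDs are placeholders, not real identifiers.
SAMPLE_ADVISORIES = {
  "rack"  => [{ id: "EXAMPLE-ADVISORY-1", patched_versions: [">= 1.6.5"] }],
  "rails" => [{ id: "EXAMPLE-ADVISORY-2", patched_versions: ["~> 5.2.1"] }],
}

# Remotes that are not HTTPS (http:// or git://) can be tampered with in transit.
def insecure_sources(lock_text)
  lock_text.scan(/^\s*remote: (\S+)/).flatten.reject { |uri| uri.start_with?("https://") }
end

# [name, version] pairs for the top-level entries in each "specs:" section
# (their dependency lines are indented deeper and are skipped).
def locked_gems(lock_text)
  lock_text.scan(/^    (\S+) \(([^)]+)\)$/)
end

# A locked gem is vulnerable when its version satisfies none of the patched ranges.
def vulnerable_gems(lock_text, advisories)
  locked_gems(lock_text).flat_map do |name, version|
    (advisories[name] || []).select do |adv|
      adv[:patched_versions].none? { |req| Gem::Requirement.new(req).satisfied_by?(Gem::Version.new(version)) }
    end.map { |adv| [name, version, adv[:id]] }
  end
end
```

Running `insecure_sources(SAMPLE_LOCK)` flags the git:// and http:// remotes, and `vulnerable_gems(SAMPLE_LOCK, SAMPLE_ADVISORIES)` reports rack 1.6.0 and rails 5.2.0 because neither falls inside its patched range.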