bundler-audit alternatives and similar gems
Patch-level verification for bundler.
- Checks for vulnerable versions of gems in Gemfile.lock.
- Checks for insecure gem sources.
- Allows ignoring certain advisories that have been manually worked around.
- Prints advisory information.
- Does not require a network connection.
Audit a project's Gemfile.lock:
$ bundle-audit
Name: actionpack
Version: 3.2.10
Advisory: OSVDB-91452
Criticality: Medium
URL: http://www.osvdb.org/show/osvdb/91452
Title: XSS vulnerability in sanitize_css in Action Pack
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13

Name: actionpack
Version: 3.2.10
Advisory: OSVDB-91454
Criticality: Medium
URL: http://osvdb.org/show/osvdb/91454
Title: XSS Vulnerability in the `sanitize` helper of Ruby on Rails
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13

Name: actionpack
Version: 3.2.10
Advisory: OSVDB-89026
Criticality: High
URL: http://osvdb.org/show/osvdb/89026
Title: Ruby on Rails params_parser.rb Action Pack Type Casting Parameter Parsing Remote Code Execution
Solution: upgrade to ~> 2.3.15, ~> 3.0.19, ~> 3.1.10, >= 3.2.11

Name: activerecord
Version: 3.2.10
Advisory: OSVDB-91453
Criticality: High
URL: http://osvdb.org/show/osvdb/91453
Title: Symbol DoS vulnerability in Active Record
Solution: upgrade to ~> 2.3.18, ~> 3.1.12, >= 3.2.13

Name: activerecord
Version: 3.2.10
Advisory: OSVDB-90072
Criticality: Medium
URL: http://direct.osvdb.org/show/osvdb/90072
Title: Ruby on Rails Active Record attr_protected Method Bypass
Solution: upgrade to ~> 2.3.17, ~> 3.1.11, >= 3.2.12

Name: activerecord
Version: 3.2.10
Advisory: OSVDB-89025
Criticality: High
URL: http://osvdb.org/show/osvdb/89025
Title: Ruby on Rails Active Record JSON Parameter Parsing Query Bypass
Solution: upgrade to ~> 2.3.16, ~> 3.0.19, ~> 3.1.10, >= 3.2.11

Name: activesupport
Version: 3.2.10
Advisory: OSVDB-91451
Criticality: High
URL: http://www.osvdb.org/show/osvdb/91451
Title: XML Parsing Vulnerability affecting JRuby users
Solution: upgrade to ~> 3.1.12, >= 3.2.13

Unpatched versions found!
Update the ruby-advisory-db that bundle audit uses:
$ bundle-audit update
Updating ruby-advisory-db ...
remote: Counting objects: 44, done.
remote: Compressing objects: 100% (24/24), done.
remote: Total 39 (delta 19), reused 29 (delta 10)
Unpacking objects: 100% (39/39), done.
From https://github.com/rubysec/ruby-advisory-db
 * branch            master     -> FETCH_HEAD
Updating 5f8225e..328ca86
Fast-forward
 CONTRIBUTORS.md                    |  1 +
 gems/actionmailer/OSVDB-98629.yml  | 17 +++++++++++++++++
 gems/cocaine/OSVDB-98835.yml       | 15 +++++++++++++++
 gems/fog-dragonfly/OSVDB-96798.yml | 13 +++++++++++++
 gems/sounder/OSVDB-96278.yml       | 13 +++++++++++++
 gems/wicked/OSVDB-98270.yml        | 14 ++++++++++++++
 6 files changed, 73 insertions(+)
 create mode 100644 gems/actionmailer/OSVDB-98629.yml
 create mode 100644 gems/cocaine/OSVDB-98835.yml
 create mode 100644 gems/fog-dragonfly/OSVDB-96798.yml
 create mode 100644 gems/sounder/OSVDB-96278.yml
 create mode 100644 gems/wicked/OSVDB-98270.yml
ruby-advisory-db: 64 advisories
Update the ruby-advisory-db and check Gemfile.lock (useful for CI runs):
$ bundle-audit check --update
Check Gemfile.lock without updating the ruby-advisory-db:
$ bundle-audit check --no-update
Ignore specific advisories:
$ bundle-audit check --ignore OSVDB-108664
Check a custom Gemfile.lock:
$ bundle-audit check --gemfile Gemfile.custom.lock
Output the audit's results in JSON:
$ bundle-audit check --format json
Output the audit's results in JSON, to a file:
$ bundle-audit check --format json --output bundle-audit.json
Rake task (in the project's Rakefile):
require 'bundler/audit/task'
Bundler::Audit::Task.new

task default: 'bundle:audit'
bundler-audit also supports a per-project configuration file:
---
ignore:
  - CVE-YYYY-XXXX
  - ...

ignore: [Array<String>] - A list of advisory IDs to ignore.
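As an added example (not bundler-audit's own code), the core of what bundle-audit check does, in plain Ruby on top of RubyGems' Gem::Requirement: it parses the top-level specs and remote sources out of a constructed Gemfile.lock, tests each locked version against the "Solution" requirements of two advisories copied from the audit output above, honours the ignore list from the YAML configuration, and flags non-https sources. The lockfile text, the ADVISORIES hash layout and the audit helper are assumptions made for the illustration.

```ruby
require 'rubygems'   # Gem::Version and Gem::Requirement
require 'yaml'

# Constructed Gemfile.lock excerpt: a plain-http source plus an old actionpack.
LOCKFILE = <<~LOCK
  GEM
    remote: http://rubygems.org/
    specs:
      actionpack (3.2.10)
        activemodel (= 3.2.10)
      rack (1.4.5)
LOCK

# Two advisories taken from the audit output above; :patched holds the version
# requirements listed on each "Solution:" line (hash layout is an assumption).
ADVISORIES = [
  { id: 'OSVDB-91452', gem: 'actionpack', criticality: 'Medium',
    patched: ['~> 2.3.18', '~> 3.1.12', '>= 3.2.13'] },
  { id: 'OSVDB-89026', gem: 'actionpack', criticality: 'High',
    patched: ['~> 2.3.15', '~> 3.0.19', '~> 3.1.10', '>= 3.2.11'] }
].freeze

# Constructed per-project config in the YAML shape shown above.
CONFIG = YAML.safe_load("---\nignore:\n  - OSVDB-91452\n")

# Top-level specs sit at exactly four spaces; their dependencies sit deeper.
def lockfile_specs(text)
  text.scan(/^    (\S+) \(([^\s)]+)\)$/)
      .to_h { |name, version| [name, Gem::Version.new(version)] }
end

# Any "remote:" that is not https:// (http://, git://, ...) is insecure.
def insecure_sources(text)
  text.scan(/^\s*remote: (\S+)/).flatten.reject { |uri| uri.start_with?('https://') }
end

# A version is vulnerable unless it satisfies at least one patched requirement.
def vulnerable?(advisory, version)
  advisory[:patched].none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Mirrors `bundle-audit check --ignore ...`: returns insecure sources and the
# advisories that apply to locked versions and are not on the ignore list.
def audit(lockfile, advisories, ignore: [])
  specs = lockfile_specs(lockfile)
  unpatched = advisories.select do |adv|
    version = specs[adv[:gem]]
    version && !ignore.include?(adv[:id]) && vulnerable?(adv, version)
  end
  { insecure_sources: insecure_sources(lockfile), unpatched: unpatched }
end
```

With the ignore list applied, only OSVDB-89026 remains, which is the kind of result a CI job would turn into a failing build.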
$ [sudo] gem install bundler-audit
Developing bundler-audit requires git. Debian / Ubuntu:
$ sudo apt install git
RedHat / Fedora:
$ sudo dnf install git
Alpine:
$ apk add git
macOS (Homebrew):
$ brew install git
- git clone YOUR_FORK_URI
- bundle exec rake spec
- git checkout -b YOUR_FEATURE
- Make your changes
- bundle exec rake spec
- git commit -a
- git push origin YOUR_FEATURE
Copyright (c) 2013-2021 Hal Brodigan (postmodern.mod3 at gmail.com)
bundler-audit is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
bundler-audit is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with bundler-audit. If not, see http://www.gnu.org/licenses/.