Announcing Snyk CLI for Ruby, and more ways to fix Ruby vulnerabilities

Johanna Kollmann's avatar Johanna Kollmann

Since we launched Ruby last month, we’ve been working away on improvements. Today we’re excited to let you know about our extended support for Ruby:

Ruby CLI

A screenshot of the new Snyk Ruby CLI

Use our Ruby CLI to test Ruby projects continuously, and monitor your dependencies for new vulnerabilities. Install the latest version of Snyk using npm install -g snyk to try it.

Note that snyk test and snyk monitor are currently supported, and you can add these commands to your build system. Fixing vulnerabilities with snyk wizard is only available for Node.js; for fixing Ruby vulnerabilities, use our GitHub integration.

Extended functionality for fixing Ruby vulnerabilities

A screenshot of the new warning on when a fix involves changing the Gemfile

Snyk fixes your Ruby projects by updating vulnerable dependencies in your Gemfile.lock file. We now also take your Gemfile into account, so more vulnerabilities can be detected and fixed easily!

When a fix requires a change to your Gemfile, our fix pull requests will propose these changes.

When you open a PR via, we will give you a heads-up when this is the case.

Improved commit messages

Alongside the Ruby work, we updated the commit messages for our fix PRs for Node.js and Ruby. All the detail you see in the PR is now included in the commit messages, and lives on in git itself. We referred to and can highly recommend the Government Digital Service’s Git style guide.

Building the VSTS Snyk task, an interview with Jesse Houwing

December 21, 2016

Jesse Houwing recently published a really helpful Visual Studio Team Services (VSTS) task, making it easier to get Snyk incorporated into your VSTS workflow. We think it's pretty awesome that he built it, so we wanted to learn a bit more about the task and how he did it.

Differences in version handling between RubyGems and npm

December 14, 2016

We recently added support for Ruby projects to Snyk. The difference between version handling in RubyGems and npm presented a few challenges along the way. This blog post describes those differences, the problems they caused, and how we resolved them.

Subscribe to The Secure Developer Podcast

A podcast about security for developers, covering tools and best practices.

Find out more

Interested in web security?

Subscribe to our newsletter:

Get realtime updates and fixes for JavaScript, Ruby and Java vulnerabilities that affect your applications