Announcing Snyk for Ruby

Guy Podjarny

In the year since Snyk launched, we've been busy focusing on securing Node.js applications. Since then our open-source database of npm package vulnerabilities has grown to 165 entries, nearly a million tests have been run by our users, and we are continuously securing thousands of projects. We worked with users to build the right workflows and features to help them stay secure, from simplified fixing to deep GitHub integration and more.

We’re now ready to apply what we learned to new ecosystems, so today we’re announcing Snyk’s support for Ruby - try it out!

Ruby and Snyk, Together at Last

You can test all your GitHub repos for vulnerable gems with a click of a button. Snyk will identify the Ruby repositories and match the gems they use against our open-source Ruby vulnerability database, where we currently curate over 280 known gem vulnerabilities.

A screenshot of the new Snyk GitHub Ruby integration

If any vulnerable gems are found, you can elect to have an automated PR submitted to address them. We'll open a pull request with the necessary changes to address the vulnerability, and guide you on how to fix vulnerabilities we can't automatically resolve. Here's a sample fix pull request if you would like to get a better idea of what exactly that entails.

Lastly, you can continuously watch those repos to prevent adding vulnerable gems as your code evolves, and to get alerted when new vulnerabilities are discovered in the gems you use.

Open Source is Free

We are committed to helping Open Source become more secure. As with our Node integration, Snyk's Ruby integration is free for Open Source projects. Whether you have 1 or 100 public GitHub repositories, you can - and should - monitor them all at no cost. Simply test your repos and click "Watch all" for the orgs in question.

If you’re protecting your open source project with Snyk, or otherwise think Open Source security matters, please help us spread the word by adding a GitHub badge.

More to come!

We’re excited to get Snyk support for Ruby out, and would love for you to check if you’re using vulnerable gems.

At the moment, Snyk supports Ruby applications that manage their gems through Bundler and have a Gemfile.lock file checked into the root of the repository. We'll fix vulnerable gems by proposing changes to your Gemfile.lock only, without changing your Gemfile itself, so the upgraded version always stays within the version constraints you have specified there. We're already working on broadening support to gem libraries (which normally don't check in a Gemfile.lock) and on expanding the ways we fix, so stay tuned!
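To make the matching and the lockfile-only fix concrete, here is an added example in Ruby. It is not Snyk's code; it parses the resolved `specs:` and `DEPENDENCIES` sections of a constructed Gemfile.lock, checks every resolved gem (transitive ones included) against a constructed advisory list, and proposes the lowest published version that clears the advisory while still satisfying the constraint the Gemfile imposes. The gem names, advisory IDs, version lists and vulnerable ranges are all invented for illustration and describe no real gem.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample Gemfile.lock (not a real project). Under "specs:" each
# resolved gem sits at four spaces of indent; its own dependencies at six.
# DEPENDENCIES mirrors the constraints written in the Gemfile.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-auth (2.0.1)
        widget-parser (>= 1.0)
      legacy-xml (0.9.0)
      rake (10.5.0)
      widget-parser (1.2.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    acme-auth (~> 2.0)
    legacy-xml (~> 0.9.0)
    rake
    widget-parser (~> 1.2)

  BUNDLED WITH
     1.13.6
LOCK

# Constructed, illustrative advisories: NOT real vulnerabilities in real gems.
# A real database holds one record per affected version range.
ADVISORIES = [
  { gem: "widget-parser", id: "EXAMPLE-0001", vulnerable: Gem::Requirement.new("< 1.2.3") },
  { gem: "acme-auth",     id: "EXAMPLE-0002", vulnerable: Gem::Requirement.new([">= 2.0.0", "< 2.0.2"]) },
  { gem: "legacy-xml",    id: "EXAMPLE-0003", vulnerable: Gem::Requirement.new("< 1.0.0") },
].freeze

# Constructed list of published versions per gem (a real run asks the gem source).
AVAILABLE = {
  "widget-parser" => %w[1.1.0 1.2.0 1.2.1 1.2.3 1.3.0 2.0.0],
  "acme-auth"     => %w[2.0.0 2.0.1 2.0.2 2.1.0],
  "legacy-xml"    => %w[0.9.0 0.9.1 1.0.0],
}.freeze

# Returns { gem_name => Gem::Version } for every resolved gem, transitive ones
# included. A platform suffix such as "1.6.7.2-x64-mingw32" is dropped.
def parse_lockfile_specs(lockfile)
  specs, in_gem, in_specs = {}, false, false
  lockfile.each_line do |raw|
    line = raw.chomp
    if line =~ /\A[A-Z]/ # section header: GEM, PLATFORMS, DEPENDENCIES, ...
      in_gem, in_specs = (line == "GEM"), false
      next
    end
    next unless in_gem
    in_specs = true if line == "  specs:"
    next unless in_specs && line =~ /\A {4}(\S+) \(([^)\s-]+)(?:-[^)]+)?\)\z/
    specs[$1] = Gem::Version.new($2)
  end
  specs
end

# Returns { gem_name => Gem::Requirement } from DEPENDENCIES, i.e. the rules the
# Gemfile specifies. A bare name ("rake") or "name!" (git/path source) means any version.
def parse_dependencies(lockfile)
  deps, in_deps = {}, false
  lockfile.each_line do |raw|
    line = raw.chomp
    if line =~ /\A[A-Z]/
      in_deps = (line == "DEPENDENCIES")
      next
    end
    next unless in_deps && line =~ /\A {2}([^\s!(]+)!?(?: \(([^)]+)\))?\z/
    deps[$1] = $2 ? Gem::Requirement.new($2.split(", ")) : Gem::Requirement.default
  end
  deps
end

# Advisories whose range covers the version actually resolved in the lockfile.
def find_vulnerable(specs)
  ADVISORIES.select { |adv| specs.key?(adv[:gem]) && adv[:vulnerable].satisfied_by?(specs[adv[:gem]]) }
end

# Lowest published version that both satisfies the Gemfile constraint and falls
# outside every advisory range for the gem; nil when no such version exists,
# which is exactly the case a lockfile-only fix cannot handle.
def propose_fix(gem_name, constraint)
  ranges = ADVISORIES.select { |a| a[:gem] == gem_name }.map { |a| a[:vulnerable] }
  AVAILABLE.fetch(gem_name, []).map { |v| Gem::Version.new(v) }.sort.find do |v|
    constraint.satisfied_by?(v) && ranges.none? { |r| r.satisfied_by?(v) }
  end
end

# One entry per finding: the vulnerable resolved version and the lockfile-only
# upgrade target (nil => needs a Gemfile change or another manual fix).
def plan_fixes(lockfile)
  specs = parse_lockfile_specs(lockfile)
  deps  = parse_dependencies(lockfile)
  find_vulnerable(specs).map do |adv|
    name = adv[:gem]
    # Gems not named in the Gemfile are transitive: the user accepts any version.
    { gem: name, advisory: adv[:id], from: specs[name],
      to: propose_fix(name, deps.fetch(name, Gem::Requirement.default)) }
  end
end

if __FILE__ == $PROGRAM_NAME
  plan_fixes(SAMPLE_LOCKFILE).each do |fix|
    action = fix[:to] ? "upgrade Gemfile.lock to #{fix[:to]}" : "no version satisfies the Gemfile constraint; fix manually"
    puts "#{fix[:gem]} #{fix[:from]} (#{fix[:advisory]}): #{action}"
  end
end
```

The `legacy-xml` entry shows the limit of a lockfile-only fix: every non-vulnerable version lies outside the `~> 0.9.0` constraint, so the fix has to touch the Gemfile and is handed back to the developer rather than applied automatically. Note also that `specs:` lists transitive gems, so a vulnerable gem pulled in only by another gem is still found, and for those the Gemfile imposes no constraint of its own.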

So if you’re using Ruby, please give the new Ruby features a try. If you have any feedback, good or bad, or specific requests for features that would be helpful for you, let us know.
