
Announcing Snyk for Ruby

Guy Podjarny, November 10, 2016

In the year since Snyk launched, we’ve been busy focusing on securing Node.js applications. Since that time our open-source database of npm package vulnerabilities has grown to 165, nearly a million tests have been run by our users, and we are continuously securing thousands of projects! We worked with users to build the right workflows and features to help them stay secure, from simplifying fixing to deep GitHub integration and more.

We’re now ready to apply what we learned to new ecosystems, so today we’re announcing Snyk’s support for Ruby – try it out!

Ruby and Snyk, Together at Last

You can test all your GitHub repos for vulnerable gems with a click of a button. Snyk will identify the Ruby repositories and match the gems they use against our open-source Ruby vulnerability database, where we currently curate over 280 known gem vulnerabilities.

If any vulnerable gems are found, you can elect to have an automated PR submitted to address them. We’ll open a pull request with the necessary changes to address the vulnerability, and guide you on how to fix vulnerabilities we can’t automatically resolve. Here’s a sample fix pull request if you would like to get a better idea of what exactly that entails.

Lastly, you can continuously watch those repos to prevent adding vulnerable gems as your code evolves, and to get alerted when new vulnerabilities are discovered in the gems you use.

Open Source is Free

We are committed to helping Open Source become more secure. As with our Node integration, Snyk’s Ruby integration is free for Open Source projects. Whether you have 1 or 100 public GitHub repositories, you can – and should – monitor them all at no cost. Simply test your repos and click “Watch all” for the orgs in question.

If you’re protecting your open source project with Snyk, or otherwise think Open Source security matters, please help us spread the word by adding a GitHub badge.

More to come!

We’re excited to get Snyk support for Ruby out, and would love for you to check if you’re using vulnerable gems.

At the moment, Snyk supports Ruby applications that manage their gems through Bundler and have a Gemfile.lock file checked into the root of the repository. We’ll fix vulnerable gems by proposing changes to your Gemfile.lock, without changing your Gemfile itself (sticking to the rules you have specified there). We’re already working on broadening support to gem libraries and expanding the ways we fix, so stay tuned!
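To illustrate what a Gemfile.lock-only fix means, here is an added example (not Snyk's code) that reads locked versions from a lockfile, matches them against advisories, and checks whether the patched version still satisfies the constraint declared in the Gemfile. The gem names, versions and advisories are constructed, and only top-level DEPENDENCIES constraints are considered, not constraints imposed by other gems.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement
# Constructed sample Gemfile.lock; gem names and versions are illustrative.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.6.0)
      othergem (2.3.1)
        examplegem (>= 1.0)
      safegem (0.9.4)

  DEPENDENCIES
    examplegem (~> 1.6)
    othergem (~> 2.3.0)
    safegem
LOCK

# Constructed advisories: vulnerable range and first patched version.
ADVISORIES = [
  { gem: "examplegem", vulnerable: "< 1.6.5", patched: "1.6.5" },
  { gem: "othergem",   vulnerable: "< 2.4.0", patched: "2.4.0" },
].freeze

# Returns [locked versions, Gemfile constraints] read from the lockfile text.
def parse_lockfile(text)
  locked, declared, section = {}, {}, nil
  text.each_line do |line|
    if line =~ /\A(\S+)\s*\z/
      section = $1                            # section header at column 0
    elsif section == "GEM" && line =~ /\A {4}(\S+) \((\S+)\)\s*\z/
      locked[$1] = Gem::Version.new($2)       # resolved gem, 4-space indent
    elsif section == "DEPENDENCIES" && line =~ /\A {2}([^\s!]+)!?(?: \((.+)\))?\s*\z/
      declared[$1] = Gem::Requirement.new(*($2 ? $2.split(", ") : []))
    end
  end
  [locked, declared]
end

# Flags vulnerable gems; lockfile_only_fix is true when the patched version fits the Gemfile.
def audit(text, advisories)
  locked, declared = parse_lockfile(text)
  advisories.map do |adv|
    version = locked[adv[:gem]]
    next unless version && Gem::Requirement.new(adv[:vulnerable]).satisfied_by?(version)
    allowed = declared.fetch(adv[:gem], Gem::Requirement.default)
    { gem: adv[:gem], locked: version.to_s, patched: adv[:patched],
      lockfile_only_fix: allowed.satisfied_by?(Gem::Version.new(adv[:patched])) }
  end.compact
end
audit(LOCKFILE, ADVISORIES).each { |finding| puts finding }
```

In this sample, examplegem can be fixed by a lockfile change alone, while othergem's patched version falls outside its `~> 2.3.0` constraint and would need the Gemfile itself to change.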

So if you’re using Ruby, please give the new Ruby features a try. If you have any feedback, good or bad, or specific requests for features that would be helpful for you, let us know.
