https://snyk.io/wp-content/uploads/blog-head-default.png

Announcing Snyk for Ruby

November 10, 2016 | in Product
| By Guy Podjarny

In the year since Snyk launched, we’ve been busy focusing on securing Node.js applications. Since that time our open-source database of npm package vulnerabilities has grown to 165, nearly a million tests have been run by our users, and we are continuously securing thousands of projects! We worked with users to build the right workflows and features to help them stay secure, from simplifying fixing to deep GitHub integration and more.

We’re now ready to apply what we learned to new ecosystems, so today we’re announcing Snyk’s support for Ruby – try it out!

Ruby and Snyk, Together at Last

You can test all your GitHub repos for vulnerable gems with a click of a button. Snyk will identify the Ruby repositories and match the gems they use against our open-source Ruby vulnerability database, where we currently curate over 280 known gem vulnerabilities.

If any vulnerable gems are found, you can elect to have an automated PR submitted to address them. We’ll open a pull request with the necessary changes to address the vulnerability, and guide you on how to fix vulnerabilities we cant automatically resolve. Here’s a sample fix pull request if you would like to get a better idea of what exactly that entails.

Lastly, you can continuously watch those repos to prevent adding vulnerable gems as your code evolves, and to get alerted when new vulnerabilities are discovered in the gems you use.

Open Source is Free

We are committed to helping Open Source become more secure. As with our Node integration, Snyk’s Ruby integration is free for Open Source projects. Whether your have 1 or 100 public GitHub repositories, you can – and should – monitor them all at no cost. Simply test your repos and click “Watch all” for the orgs in question.

If you’re protecting your open source project with Snyk, or otherwise think Open Source security matters, please help us spread the word by adding a GitHub badge.

More to come!

We’re excited to get Snyk support for Ruby out, and would love for you to check if you’re using vulnerable gems.

At the moment, Snyk supports Ruby applications that manage their gems through Bundler and have a Gemfile.lock file checked into the root of the repository. We’ll fix vulnerable gems by proposing changes to your Gemfile.lock, without changing your Gemfile itself (sticking to the rules you have specified there). We’re already working on broadening to support gem libraries and expand the ways we fix, so stay tuned!

So if you’re using Ruby, please give the new Ruby features a try. If you have any feedback, good or bad, or specific requests for features that would be helpful for you, let us know.