Documentation

Snyk for Ruby

What type of Ruby projects does Snyk support?

Snyk supports testing and fixing Ruby projects that have their dependencies managed by Bundler.

It is available for GitHub, Bitbucket Server, GitLab repositories, and via the Snyk CLI.

If your Gemfile needs access to private Gem sources please get in touch.

Testing Ruby projects

We scan Ruby projects by examining your Gemfile.lock to compare the specific versions of every direct and deep dependency in your project against our Ruby vulnerability database. We are testing all Bundler groups, and currently you can’t choose to exclude certain groups (such as test or development groups).

Fixing Ruby projects

Currently we only support fixing Ruby projects through our GitHub integration. We fix by updating vulnerable gems, using bundle update, after modifying your Gemfile (sticking to the rules you have specified there as far as possible). This means that in some scenarios we won’t be able to upgrade all dependencies to non-vulnerable versions. In this case, you should consider updating the rules in your Gemfile. In future releases, we are planning to provide suggestions to make this easier.