Snyk Documentation

Ruby

Snyk supports testing, monitoring and fixing Ruby projects that have their dependencies managed by Bundler and comparing the specific dependency versions against the Ruby vulnerability database.
Snyk tests all Bundler groups, and currently it is not possible to exclude certain groups (such as test or development groups).

If your Gemfile needs access to private Gem sources please get in touch.

Source Control Management

Snyk Source Code Integration supports finding, fixing, and monitoring Ruby projects and supports the following manifest files.

The following manifest files are supported:

  • Gemfile
  • Gemfile.lock

Note: Snyk requires both files to be present in order to correctly test, monitor & fix Ruby projects.

Fixing

Snyk can fix vulnerabilities by updating vulnerable gems, using bundle update, after modifying your Gemfile (sticking to the rules you have specified there as far as possible). This means that in some scenarios we won’t be able to upgrade all dependencies to non-vulnerable versions. In this case, you should consider updating the rules in your Gemfile. In future releases, we are planning to provide suggestions to make this easier.

Serverless

See the specific Snyk Serverless documentation for language support.

CLI

The following manifest files are supported:

  • Gemfile.lock
Testing a project

run the snyk test command to test your ruby project.