bundler-audit
Licensed under the GPLv3 license.
Provides patch-level published-vulnerability verification for Bundler.
- Checks for vulnerable versions of gems in `Gemfile.lock`.
- Checks for insecure gem sources (`http://`).
- Allows ignoring certain advisories that have been manually worked around.
- Prints advisory information.
- Does not require a network connection.
Changes Accepted Upstream
- Add coverage analysis.
- Be clear in the README about allowed RubyGems versions.
- Broaden test suite a bit.
- Make tests more resilient to changes in details of the output from `bundler-audit`.
- Add tests for Database class.
- Clean up some lingering issues around the switch to requiring RubyGems 1.8.
- Reduce git noise for contributors.
- Add Ruby 2.0 to Travis test list.
- Whitespace cleanup.