bundler-audit provides patch-level verification for Bundled apps.
Used 72 times
Viktor Schmidt
Usage
Run this command in your Rails app directory in the terminal:
rails app:template LOCATION="https://railsbytes.com/script/zJosgN"
Template Source
Review the code before running this template on your machine.
def do_bundle
  Bundler.with_unbundled_env { run "bundle install" }
end

def print_green(heredoc)
  puts set_color heredoc, :green
end

def do_commit
  git :init
  git add: "."
  Bundler.with_unbundled_env { git commit: "-m 'Add bundler-audit patch-level verification'" }
end

def puts_usage
  say "\nUsage:"
  say "`bin/bundler-audit check --update`"
end

# Compare versions numerically rather than as strings, so that e.g. "7.10"
# is not treated as older than "7.2".
if Gem::Version.new(Rails.version) < Gem::Version.new("7.2")
  say "\nApplying bundler-audit patch-level verification..."

  # Anchor on the trailing newline so the injected lines land inside the
  # block instead of being appended to the `group :development do` line.
  inject_into_file 'Gemfile', after: "group :development do\n" do
    <<-RUBY
  # bundler-audit provides patch-level verification for Bundled apps.
  gem "bundler-audit", "~> 0.9", require: false
    RUBY
  end

  do_bundle
  run "bundle binstubs bundler-audit"
  run "bin/bundler-audit check --update"

  say "\nAdding documentation for developers..."
  create_file "docs/security.md", "# Security\n" unless File.exist? "docs/security.md"
  append_file "docs/security.md" do
    <<~EOF

      ## Bundler-Audit

      [bundler-audit](https://rubygems.org/gems/bundler-audit) provides patch-level verification for Bundled apps.

      Update audit db:

      `$ bin/bundler-audit update`

      Run checks:

      `$ bin/bundler-audit check`

      Or run it all in one command:

      `$ bin/bundler-audit check --update`
    EOF
  end

  do_commit
  print_green "\nAdded bundler-audit successfully!"
  puts_usage
end
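To make concrete what the "patch-level verification" the template installs actually does, here is an added, simplified re-implementation of the check (not bundler-audit's code and not part of the template): it reads the resolved versions out of a Gemfile.lock and tests them against advisories written in the `patched_versions` / `unaffected_versions` shape used by ruby-advisory-db, the database `bin/bundler-audit check --update` downloads. The lockfile excerpt, gem names and advisory ids below are constructed placeholders.

```ruby
# Constructed Gemfile.lock excerpt (placeholder gems, not a real app).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (5.2.8)
        othergem (>= 1.0)
      othergem (2.3.1)
      unrelated (0.1.0)

  PLATFORMS
LOCK
# Constructed advisories in the shape ruby-advisory-db (bundler-audit's data
# source) uses; ids and gem names are placeholders, not real CVEs.
ADVISORIES = [
  { gem: "examplegem", id: "PLACEHOLDER-ADVISORY-1",
    patched_versions: ["~> 5.2.8, >= 5.2.8.1", ">= 6.1.7"] },
  { gem: "othergem", id: "PLACEHOLDER-ADVISORY-2",
    unaffected_versions: ["< 1.0"], patched_versions: [">= 2.3.1"] },
].freeze

# Read "name (version)" pairs from the specs: section(s) of a Gemfile.lock.
def locked_specs(lockfile_text)
  specs = {}
  in_specs = false
  lockfile_text.each_line do |line|
    in_specs = true  if line.strip == "specs:"
    in_specs = false if line.match?(/\A\S/)      # a new top-level section
    # Resolved gems sit at 4-space indent; 6-space lines are their dependencies.
    if in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end
# Unpatched: the locked version satisfies no patched or unaffected requirement.
def unpatched?(version, advisory)
  safe = advisory.fetch(:patched_versions, []) + advisory.fetch(:unaffected_versions, [])
  safe.none? { |req| Gem::Requirement.new(*req.split(",").map(&:strip)).satisfied_by?(version) }
end
# [gem, version, advisory id] for every locked gem still covered by an advisory.
def audit(lockfile_text, advisories = ADVISORIES)
  specs = locked_specs(lockfile_text)
  advisories.filter_map do |adv|
    version = specs[adv[:gem]]
    [adv[:gem], version.to_s, adv[:id]] if version && unpatched?(version, adv)
  end
end

audit(SAMPLE_LOCK).each { |gem, ver, id| puts "#{gem} #{ver} is unpatched (#{id})" }
```

The real tool additionally checks `Gemfile.lock` sources for insecure (non-HTTPS) remotes and reads ignore rules from `.bundler-audit.yml`; this example covers only the version matching.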
Comments
Viktor Schmidt
You should use Dependabot, see https://github.com/rails/rails/pull/50536
Viktor Schmidt
Dependabot is now included in default Rails GitHub CI files, see https://github.com/rails/rails/pull/50508