Ruby

Supported frameworks and package managers

Code analysis

Interfile analysis is currently not supported. Data flow is tracked within a single file, not across multiple files, so a taint source in one file that reaches a sink in another is not reported.

Snyk Code supports the following frameworks:

  • Ruby On Rails

Open source and licensing

Feature availability: Features may not be available, depending on your plan. See pricing plans for more details.

Snyk supports testing, monitoring, and fixing Ruby Projects in the CLI and Git integrations whose dependencies are managed by Bundler. The specific dependency versions resolved in Gemfile.lock are compared against the Ruby vulnerability database.

Snyk tests all Bundler groups. Currently, it is not possible to exclude certain groups, such as test or development groups.

If your Gemfile needs access to private Gem sources, see Private Gem sources.

Platform-specific packages are currently not supported. If these are present in your Gemfile.lock, this can cause an invalid Fix PR to be created. If possible, use the non-platform-specific variant of a package.

Open source policy

To manage licenses from your developer workflows through policy, see the following topics:

Open source license compliance

To check compliance for open source licenses, see Getting Started with Snyk License Compliance Management.

Getting started with Snyk for Ruby across environments

Snyk CLI

Prerequisites

Code analysis

To start testing your code using Snyk Code, open your repository in a terminal and run the following command:

snyk code test

To customize test options, run other commands, exclude directories and files, and explore the results in different formats, see the following:

Open source and licensing

The following sections list the steps to start scanning your dependencies. The basic commands are covered, such as snyk test and snyk monitor. To check the full list, see CLI commands and options summary.

To scan your dependencies, ensure you install the relevant package manager and that your Project contains the supported manifest files.

Manifest files supported with Snyk for Ruby

The following manifest files are supported:

  • Gemfile

  • Gemfile.lock

Snyk requires both files to be present to correctly test, monitor, and fix Ruby projects.
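As an added example (not code from the Snyk docs or the Snyk CLI), the following Ruby script performs the pre-flight checks implied by the sections above before you run snyk test or snyk monitor: it confirms both manifests are present, parses the specs in Gemfile.lock (every Bundler group, since Snyk cannot exclude any), and flags platform-specific entries, that is, lockfile versions carrying a platform suffix such as 1.13.10-x86_64-linux, which the docs say can produce an invalid Fix PR. The sample lockfile is constructed for the example and the function names are my own.

```ruby
# Added example, not part of the Snyk documentation or CLI.
# Pre-flight checks for a Ruby Project before `snyk test` / `snyk monitor`.
require "tmpdir"

REQUIRED_MANIFESTS = %w[Gemfile Gemfile.lock].freeze

# Constructed sample Gemfile.lock: nokogiri appears twice, once as a
# platform-specific build (version suffixed with the platform) and once plain.
SAMPLE_LOCKFILE = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    nokogiri (1.13.10-x86_64-linux)
      racc (~> 1.4)
    nokogiri (1.13.10)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    racc (1.6.2)
    rack (2.2.4)

PLATFORMS
  ruby
  x86_64-linux

DEPENDENCIES
  nokogiri
  rack

BUNDLED WITH
   2.3.26
LOCK

# Names of the manifests Snyk needs that are absent from +dir+ (empty when both exist).
def missing_manifests(dir)
  REQUIRED_MANIFESTS.reject { |f| File.file?(File.join(dir, f)) }
end

# Parse the `specs:` block of the GEM/GIT/PATH sections of a Gemfile.lock.
# Returns [{name:, version:, platform:}] for top-level specs (4-space indent);
# sub-dependency lines (6-space indent) and other sections are skipped.
def parse_lockfile(text)
  specs = []
  section = nil
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A[A-Z ]+\z/ # section header: GEM, PLATFORMS, DEPENDENCIES, ...
      section = line.strip
      in_specs = false
      next
    end
    next unless %w[GEM GIT PATH].include?(section)
    if line == "  specs:"
      in_specs = true
      next
    end
    next unless in_specs
    next unless (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
    # "1.13.10-x86_64-linux" -> ["1.13.10", "x86_64-linux"]; plain versions give platform nil
    version, platform = m[2].split("-", 2)
    specs << { name: m[1], version: version, platform: platform }
  end
  specs
end

# Specs whose version carries a platform suffix (the case the docs warn about).
def platform_specific(specs)
  specs.select { |s| s[:platform] }
end

# Human-readable summary of all checks for the Project in +dir+.
def preflight_report(dir)
  missing = missing_manifests(dir)
  return "missing manifests: #{missing.join(', ')}" unless missing.empty?

  specs = parse_lockfile(File.read(File.join(dir, "Gemfile.lock")))
  lines = ["#{specs.size} gem versions in Gemfile.lock (all Bundler groups are scanned)"]
  platform_specific(specs).each do |s|
    lines << "platform-specific: #{s[:name]} #{s[:version]} (#{s[:platform]}); " \
             "prefer the plain #{s[:name]} #{s[:version]} build"
  end
  lines.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "Gemfile"), "source 'https://rubygems.org'\n")
    File.write(File.join(dir, "Gemfile.lock"), SAMPLE_LOCKFILE)
    puts preflight_report(dir)
  end
end
```

When the report flags a platform-specific entry, the usual remedy is to let Bundler drop the native build: `bundle lock --remove-platform x86_64-linux` removes the platform from the lockfile, and `bundle config set force_ruby_platform true` makes Bundler resolve the pure-Ruby variant from then on. Both are standard Bundler commands, not Snyk features.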

Fixing vulnerabilities in your Ruby Projects

Snyk can fix vulnerabilities by updating vulnerable gems: it modifies your Gemfile and then runs bundle update, adhering to the version rules you have specified there as far as possible.

In some scenarios, Snyk cannot upgrade all dependencies to non-vulnerable versions. In this case, consider updating the rules in your Gemfile.

For Ruby versions earlier than 3.2, Snyk does not currently support pinning an exact Ruby version in the Gemfile, for example ruby "2.7.7". Use a more permissive range that covers all patch versions instead, such as ruby "~> 2.7.0".
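The two situations above (a Gemfile rule that blocks the fixed version, and an exact Ruby pin on Ruby older than 3.2) can both be checked with RubyGems' own requirement matching, which is what Bundler uses. The following added example (my code, not Snyk's or Bundler's) shows whether a constraint even admits the version that fixes an issue, proposes the loosened rule when it does not, and rewrites an exact ruby pin into the pessimistic range the docs ask for. The constraints and versions used are constructed inputs; the function names are my own.

```ruby
# Added example, not part of the Snyk documentation or CLI.
require "rubygems"

# true when the version that fixes the issue satisfies the Gemfile constraint(s).
# false is the case where `bundle update` cannot reach a clean version and the
# rule in the Gemfile must be loosened before Snyk can fix the Project.
def fix_reachable?(constraints, fixed_in)
  Gem::Requirement.new(*Array(constraints)).satisfied_by?(Gem::Version.new(fixed_in))
end

# Smallest pessimistic constraint ("~> MAJOR.MINOR") that still includes
# +fixed_in+: the loosened rule to put in the Gemfile when fix_reachable? is false.
def relaxed_constraint(fixed_in)
  segs = Gem::Version.new(fixed_in).segments
  "~> #{segs[0]}.#{segs[1] || 0}"
end

# Rewrite `ruby "2.7.7"` (or `ruby "=2.7.7"`) into `ruby "~> 2.7.0"`, which covers
# every 2.7.x patch release; lines that already use a range are left untouched,
# and gem lines are never touched because the match is anchored on `ruby`.
def relax_ruby_pin(gemfile_text)
  gemfile_text.gsub(/^([ \t]*ruby[ \t]+)(["'])=?[ \t]*(\d+)\.(\d+)\.(\d+)\2/) do
    "#{$1}#{$2}~> #{$3}.#{$4}.0#{$2}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed case: the Gemfile says `gem "rack", "~> 2.0.0"` but the fix is in 2.2.3.
  puts "fix reachable under ~> 2.0.0? #{fix_reachable?('~> 2.0.0', '2.2.3')}"
  puts "loosen the rule to: #{relaxed_constraint('2.2.3')}"
  puts relax_ruby_pin(%(ruby "2.7.7"\ngem "rack", "~> 2.0.0"\n))
end
```

Note the asymmetry the docs describe: `Gem::Requirement.new("2.7.7")` means `= 2.7.7` and rejects 2.7.8, whereas `~> 2.7.0` accepts every 2.7.x and rejects 2.8.0, so the relaxed pin still excludes a minor-version jump.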

Private Gem sources

Using private Gem sources should work normally when you are using the Snyk CLI.

When creating Fix PRs for Ruby Projects using private Gem sources, Snyk may need access to the service hosting the Gems to update the file correctly.

Supported Ruby versions

Ruby main version    Ruby specific versions

2.3.X                2.3.1, 2.3.6

2.4.X                2.4.0, 2.4.1, 2.4.2, 2.4.5, 2.4.6, 2.4.9

2.5.X                2.5.0, 2.5.1, 2.5.3

2.6.X                2.6.1, 2.6.3, 2.6.5, 2.6.6

2.7.X                2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8

3.0.X                3.0.0

3.1.X                3.1.0, 3.1.1, 3.1.2, 3.1.3

3.2.X                3.2.0, 3.2.1

Snyk Web UI (Git repository integration)

Snyk for Ruby is not available at the moment for Snyk Web UI. You can use it with the CLI, or with the available Snyk integrations.

Snyk integrations

🔗 For integrated development environments, see Use Snyk in your IDE.

🔗 If you prefer continuous integration/continuous delivery workflows, you can scan with Snyk based on the integration with your automation software (see Snyk CI/CD and Snyk API).

Troubleshooting

If you need help, contact Snyk Support.


© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.