Ruby
Supported frameworks and package managers
Code analysis
Interfile analysis is currently not supported: data flow is tracked within a single file, not across multiple files.
Snyk Code supports the following frameworks:
Ruby On Rails
Open source and licensing
Feature availability: Features may not be available, depending on your plan. See pricing plans for more details.
Snyk supports testing, monitoring, and fixing Ruby Projects in the CLI and Git integrations when their dependencies are managed by Bundler. The specific dependency versions locked in the Project are compared against the Ruby vulnerability database.
Snyk tests all Bundler groups. Currently, it is not possible to exclude certain groups, such as test or development groups.
If your Gemfile needs access to private Gem sources, see Private Gem sources.
Platform-specific packages are currently not supported. If these are present in your Gemfile.lock, this can cause an invalid Fix PR to be created. If possible, use the non-platform-specific variant of a package.
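Before opening a Fix PR it is worth knowing whether the lockfile contains the platform-specific variants described above. The following added example (not Snyk's or Bundler's code) parses the `specs:` blocks of a Gemfile.lock the way Bundler's lockfile parser does, splitting `name (version-platform)` at the first hyphen, and reports each platform-specific spec together with whether the generic variant of the same gem is also locked. The lockfile text is constructed sample data; the gem names and versions in it are illustrative.

```ruby
# Added example, not Snyk's or Bundler's code. Finds gems in a Gemfile.lock that
# are locked to a platform-specific variant and says whether the generic
# ("ruby") variant is also present, which is the fix the documentation suggests.

# Constructed sample lockfile: nokogiri is locked for both the generic and the
# x86_64-linux platform, sqlite3 only for arm64-darwin.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.1)
      nokogiri (1.13.10)
        mini_portile2 (~> 2.8.0)
        racc (~> 1.4)
      nokogiri (1.13.10-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.2)
      sqlite3 (1.6.0-arm64-darwin)

  PLATFORMS
    arm64-darwin-22
    ruby
    x86_64-linux

  DEPENDENCIES
    nokogiri (~> 1.13)
    sqlite3

  BUNDLED WITH
     2.4.6
LOCK

# A top-level spec line inside a `specs:` block: exactly four spaces, then
# `name (version)` or `name (version-platform)`. Dependencies of a spec are
# indented six spaces and therefore do not match.
SPEC_LINE = /\A {4}(?! )(\S+) \(([^-)]+)(?:-([^)]+))?\)\z/

# Returns [{name:, version:, platform:}, ...] for every spec under a `specs:`
# heading (GEM, PATH and GIT sections all use one). platform is nil for the
# generic variant.
def lockfile_specs(lockfile_text)
  in_specs = false
  lockfile_text.each_line(chomp: true).filter_map do |line|
    # Section names (GEM, PLATFORMS, DEPENDENCIES, ...) start at column 0 and
    # end any specs block we were in.
    if line.match?(/\A\S/)
      in_specs = false
      next
    end
    in_specs = true if line.strip == "specs:"
    next unless in_specs && (m = SPEC_LINE.match(line))
    { name: m[1], version: m[2], platform: m[3] }
  end
end

# Platform-specific specs, each annotated with whether a generic variant of the
# same gem is locked as well.
def platform_specific_specs(lockfile_text)
  specs = lockfile_specs(lockfile_text)
  generic_names = specs.select { |s| s[:platform].nil? }.map { |s| s[:name] }
  specs.select { |s| s[:platform] }
       .map { |s| s.merge(generic_variant_locked: generic_names.include?(s[:name])) }
end

if $PROGRAM_NAME == __FILE__
  platform_specific_specs(SAMPLE_LOCKFILE).each do |s|
    hint = s[:generic_variant_locked] ? "generic variant also locked" : "no generic variant locked"
    puts "#{s[:name]} #{s[:version]} is locked for #{s[:platform]} (#{hint})"
  end
end
```

Run the script against your own lockfile by replacing the constructed `SAMPLE_LOCKFILE` with `File.read("Gemfile.lock")`; any gem reported with "no generic variant locked" is one where `bundle lock --add-platform ruby` (or removing the platform-specific entry) is needed before Snyk can produce a valid Fix PR.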
Open source policy
To manage licenses from your developer workflows through policy, see the following topics:
Open source license compliance
To check compliance for open source licenses, see Getting Started with Snyk License Compliance Management.
Getting started with Snyk for Ruby across environments
Snyk CLI
Prerequisites
Set the default Organization for all Snyk tests (code analysis)
Code analysis
To start testing your code using Snyk Code, open your repository in a terminal and run the following command:
To customize test options, run other commands, exclude directories and files, and explore the results in different formats, see the following:
Open source and licensing
The following sections list the steps to start scanning your dependencies. The basic commands are covered, such as snyk test and snyk monitor. To check the full list, see CLI commands and options summary.
To scan your dependencies, ensure you install the relevant package manager and that your Project contains the supported manifest files.
Manifest files supported with Snyk for Ruby
The following manifest files are supported:
Gemfile
Gemfile.lock
Snyk requires both files to be present to correctly test, monitor, and fix Ruby projects.
Fixing vulnerabilities in your Ruby Projects
Snyk can fix vulnerabilities by updating vulnerable gems with bundle update after modifying your Gemfile, adhering to the rules you have specified there as far as possible.
In some scenarios, Snyk cannot upgrade all dependencies to non-vulnerable versions. In this case, consider updating the rules in your Gemfile.
For Ruby versions earlier than 3.2, Snyk does not currently support pinning a specific Ruby version in the Gemfile, for example ruby "2.7.7". Use a more permissive range that covers all patch versions instead, such as ruby "~> 2.7".
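To see why a tight Gemfile rule stops a fix, and why the ruby directive needs a range rather than an exact version, the following added example (not Snyk's code) evaluates Gemfile-style version requirements with RubyGems' own Gem::Requirement class, which is what Bundler uses to match versions. The versions are constructed: 6.1.4 stands for a hypothetical vulnerable gem version and 6.1.7.3 for the hypothetical first fixed version; the gem name is not part of the check.

```ruby
# Added example, not Snyk's code. Shows which Gemfile rules would block a
# `bundle update` from reaching a fixed version, using the same requirement
# semantics Bundler applies (Gem::Requirement from RubyGems).
require "rubygems"

# True when `fixed_version` satisfies the Gemfile-style `requirement`
# (e.g. "~> 6.1", ">= 6.0", or a bare "6.1.4", which RubyGems reads as "= 6.1.4").
def fix_allowed?(requirement, fixed_version)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(fixed_version))
end

# Returns the rules that would prevent an upgrade to `fixed_version`.
# These are the lines to loosen in the Gemfile before Snyk can fix the issue.
def blocking_rules(rules, fixed_version)
  rules.reject { |rule| fix_allowed?(rule, fixed_version) }
end

# Constructed sample rules for one gem. "6.1.4" is the hypothetical vulnerable
# version; "6.1.7.3" the hypothetical first fixed version.
VULNERABLE_VERSION = "6.1.4"
FIXED_VERSION = "6.1.7.3"
SAMPLE_RULES = [
  VULNERABLE_VERSION,  # exact pin: blocks every upgrade
  "~> 6.1.4",          # >= 6.1.4, < 6.2: allows the fix
  "~> 6.1",            # >= 6.1, < 7: allows the fix
  ">= 6.0",            # allows the fix
  "< 6.1.5"            # upper bound below the fix: blocks it
].freeze

# The same check applied to the `ruby` directive: an exact version admits no
# patch release, while "~> 2.7" admits any 2.7.x and rejects 3.x.
def ruby_pin_report(requirement, candidates)
  candidates.to_h { |v| [v, fix_allowed?(requirement, v)] }
end

if $PROGRAM_NAME == __FILE__
  puts "Rules blocking upgrade to #{FIXED_VERSION}: #{blocking_rules(SAMPLE_RULES, FIXED_VERSION).inspect}"
  puts "ruby \"2.7.7\" -> #{ruby_pin_report('2.7.7', %w[2.7.7 2.7.8]).inspect}"
  puts "ruby \"~> 2.7\" -> #{ruby_pin_report('~> 2.7', %w[2.7.7 2.7.8 3.0.0]).inspect}"
end
```

The pessimistic operator `~>` drops the last version segment and bumps the one before it to form the upper bound, so `~> 6.1.4` allows up to but not including 6.2, and `~> 2.7` allows up to but not including 3.0. When `blocking_rules` is non-empty for the fixed version Snyk reports, that is the Gemfile rule to relax.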
Private Gem sources
Using private Gem sources should work normally when you are using the Snyk CLI.
When creating Fix PRs for Ruby Projects using private Gem sources, Snyk may need access to the service hosting the Gems to update the file correctly.
Supported Ruby versions
Ruby main version | Ruby specific version
---|---
Snyk Web UI (Git repository integration)
Snyk for Ruby is not available at the moment for Snyk Web UI. You can use it with the CLI, or with the available Snyk integrations.
Snyk integrations
For integrated development environments, see Use Snyk in your IDE.
If you prefer continuous integration/continuous delivery workflows, you can scan with Snyk based on the integration with your automation software (see Snyk CI/CD and Snyk API).
Troubleshooting
If you need help, contact Snyk Support.