Snyk for Ruby
Snyk supports testing, monitoring, and fixing Ruby Projects in the CLI and Git integrations that have their dependencies managed by Bundler and comparing the specific dependency versions against the Ruby vulnerability database.
Snyk tests all Bundler groups. Currently, it is not possible to exclude certain groups, such as test or development groups.
If your Gemfile needs access to private Gem sources, see Private Gem sources.
Platform-specific packages are currently not supported. If these are present in your Gemfile.lock, this can cause an invalid Fix PR to be created. If possible, use the non-platform-specific variant of a package.
Manifest files supported with Snyk for Ruby
The following manifest files are supported:
GemfileGemfile.lock
Fixing vulnerabilities in your Ruby Projects
Snyk can fix vulnerabilities by updating vulnerable gems using bundle updateafter modifying your Gemfile, adhering to the rules you have specified there as far as possible.
In some scenarios, Snyk cannot upgrade all dependencies to non-vulnerable versions. In this case, consider updating the rules in your Gemfile.
Private Gem sources
Using private Gem sources should work normally when you are using the Snyk CLI.
When creating Fix PRs for Ruby Projects using private Gem sources, Snyk may need access to the service hosting the Gems to update the file correctly.
Supported Ruby versions
2.3.X
2.3.X2.3.1,2.3.6
2.4.X
2.4.X2.4.0,2.4.1,2.4.2,2.4.5,2.4.6,2.4.9
2.5.X
2.5.X2.5.0,2.5.1,2.5.3
2.6.X
2.6.X2.6.1,2.6.3,2.6.5,2.6.6
2.7.X
2.7.X2.7.2,2.7.3,2.7.4,2.7.5,2.7.6,2.7.7,2.7.8
3.0.X
3.0.X3.0.0
3.1.X
3.1.X3.1.0,3.1.1,3.1.2,3.1.3
3.2.X
3.2.X3.2.0,3.2.1
Last updated
Was this helpful?