# Bundler::Advise

Scans a Gemfile looking for known vulnerable gems.

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'bundler-advise'
```

And then execute:

    $ bundle

Or install it yourself as:

    $ gem install bundler-advise

## Goal

The intent of this gem is to provide a library alternative to `bundler-audit` under an MIT license. Because `bundler-audit` is intended to be a [standalone utility](https://github.com/rubysec/bundler-audit/issues/9), `bundler-advise` exists so that the same checks can be integrated into other codebases without concerns over GPLv3 licensing.

Both tools fetch and parse the contents of the [ruby-advisory-db](rubysec/ruby-advisory-db.git). `bundler-advise` has no CLI and does not scan for insecure sources, but it does support custom advisory databases that match the interface of the data in ruby-advisory-db, for organizations that want to maintain an internal database for private gems.

## Usage

```ruby
require 'bundler/advise'

# Presuming the default ruby-advisory-db on github.com and Dir.pwd is set to
# the project root, containing the project's Gemfile.lock
advisories = Bundler::Advise::GemAdviser.new.scan_lockfile

# To change the directory:
advisories = Bundler::Advise::GemAdviser.new(dir: other_project_dir).scan_lockfile

# To use a custom advisory db:
db = Bundler::Advise::Advisories.new(dir: my_custom_db_path, repo: custom_git_url)
advisories = Bundler::Advise::GemAdviser.new(advisories: db).scan_lockfile
```

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
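The custom advisory database described under Usage has to follow the ruby-advisory-db layout (`gems/<name>/<id>.yml` files with `gem`, `patched_versions` and `unaffected_versions` keys). The following is an added, stand-alone illustration of how such a database is matched against a `Gemfile.lock`; it is not code from `bundler-advise` itself, and the lockfile, advisory files and `PLACEHOLDER-*` ids are constructed for the example.

```ruby
require 'yaml'
require 'date'
require 'tmpdir'
require 'fileutils'
require 'rubygems'

# Constructed Gemfile.lock: rack is on an old release, rake is current.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.1)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    rake
LOCK

# Constructed advisories in ruby-advisory-db layout; ids are placeholders.
SAMPLE_ADVISORIES = {
  'gems/rack/PLACEHOLDER-0001.yml' => { 'gem' => 'rack', 'title' => 'constructed rack advisory',
                                        'patched_versions' => ['~> 2.0, >= 2.0.2', '>= 2.1.0'] },
  'gems/rake/PLACEHOLDER-0002.yml' => { 'gem' => 'rake', 'title' => 'constructed rake advisory',
                                        'patched_versions' => ['>= 12.3.3'] }
}

# Write the constructed advisories into dir and return it.
def write_sample_db(dir)
  SAMPLE_ADVISORIES.each do |rel, data|
    path = File.join(dir, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, data.to_yaml)
  end
  dir
end

# Top-level specs of a Gemfile.lock are the "    name (version)" lines (4-space indent).
def lockfile_specs(content)
  content.each_line.with_object({}) do |line, specs|
    (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)) && specs[m[1]] = Gem::Version.new(m[2])
  end
end

# An advisory-db range may carry several comma-separated constraints ("~> 2.0, >= 2.0.2").
def requirement(range) = Gem::Requirement.new(*range.split(',').map(&:strip))

# A version is vulnerable unless some unaffected or patched range covers it.
def vulnerable?(version, advisory)
  ranges = Array(advisory['unaffected_versions']) + Array(advisory['patched_versions'])
  ranges.none? { |r| requirement(r).satisfied_by?(version) }
end

# Return [gem_name, advisory] pairs for every advisory in db_dir that matches the lockfile.
def scan(lockfile_content, db_dir)
  specs = lockfile_specs(lockfile_content)
  Dir.glob(File.join(db_dir, 'gems', '*', '*.yml')).sort.flat_map do |path|
    adv = YAML.safe_load(File.read(path), permitted_classes: [Date])
    version = specs[adv['gem']]
    version && vulnerable?(version, adv) ? [[adv['gem'], adv]] : []
  end
end

Dir.mktmpdir { |d| scan(SAMPLE_LOCKFILE, write_sample_db(d)).each { |n, a| puts "#{n}: #{a['title']}" } }
```

Only `rack 2.0.1` is reported: it satisfies neither `~> 2.0, >= 2.0.2` nor `>= 2.1.0`, while `rake 13.0.6` is covered by `>= 12.3.3`.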
## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/chrismo/bundler-advise.

## License

The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).