Code Climate bundler-audit Engine

codeclimate-bundler-audit is a Code Climate engine that wraps bundler-audit. You can run it on your command line using the Code Climate CLI, or on our hosted analysis platform.

bundler-audit offers patch-level verification for Bundler.

Installation

1. If you haven't already, install the Code Climate CLI.
2. Run codeclimate engines:enable bundler-audit. This command both installs the engine and enables it in your .codeclimate.yml file.
3. You're ready to analyze! Browse into your project's folder and run codeclimate analyze.

Configuration

By default, bundler-audit will look for a Gemfile.lock file in the root of your project. Optionally configure Code Climate to look at a different path:

plugins:
  bundler-audit:
    enabled: true
    config:
      path: optional/path/to/Gemfile.lock

In the same way you can ignore certain advisories that have been manually resolved:

# .codeclimate.yml
plugins:
  bunlder-audit:
    enabled: true
    config:
      ignore:
        - CVE-YYYY-XXXX

• ignore: [Array<String>] - A list of advisory IDs to ignore.

Updating the vulnerability database

If you want to update the vulnerability database, run

make update_database

Need help?

For help with bundler-audit, check out their documentation.

If you're running into a Code Climate issue, first look over this project's GitHub Issues, as your question may have already been covered. If not, go ahead and open a support ticket with us.