
Library Vulnerability Checks

Published: Dec 8th, 2020

This is part of Joyful Rails, a list of recommendations to make developing your Rails app more productive and joyful.

In this article, we are talking about checking for library vulnerabilities.


You should check for library vulnerabilities before creating a production environment.


As soon as you make your application available on the Internet, a vulnerability in any one of the libraries you use can be exploited to compromise your application.


Use bundler-audit to check for known security vulnerabilities in your gems.

To install, add gem 'bundler-audit' to the development section of your Gemfile and run bundle (bundle install).

To run the checks, use the command bundle audit.

Update any gems that are reported as vulnerable to a patched version, then run bundle audit again until it reports no vulnerabilities.
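To make clear what bundle audit is actually doing when it reports a gem, here is an added example that is not part of this article and not bundler-audit's own code. It parses the specs: section of a Gemfile.lock and flags any gem whose pinned version does not satisfy one of an advisory's patched version ranges, which is the same rule bundler-audit applies. The real tool checks against the ruby-advisory-db; the lockfile excerpt and the advisory entries below are constructed for illustration, and the advisory IDs are placeholders, not real identifiers.

```ruby
# Added example: a minimal re-implementation of the check `bundle audit`
# performs. Not the article's code and not bundler-audit's code.
require "rubygems"   # provides Gem::Version and Gem::Requirement

# Constructed Gemfile.lock excerpt (not a real project's lockfile).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.0)
      othergem (3.4.5)
        examplegem (>= 1.0)
      safegem (0.9.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    examplegem
    othergem
LOCK

# Constructed advisories keyed by gem name. IDs and titles are placeholders;
# bundler-audit reads real entries of this shape from the ruby-advisory-db.
ADVISORIES = {
  "examplegem" => [
    { id: "EXAMPLE-ADVISORY-0001", title: "Placeholder: remote code execution",
      patched_versions: [">= 1.2.1"] }
  ],
  "othergem" => [
    { id: "EXAMPLE-ADVISORY-0002", title: "Placeholder: denial of service",
      patched_versions: ["~> 2.8.4", ">= 3.4.6"] }
  ]
}.freeze

# Collect "name (version)" lines directly under "specs:" (4-space indent).
# Deeper-indented lines are transitive requirements, not pinned versions,
# so they are skipped; the pinned entry for that gem appears at 4 spaces.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    in_specs = false if in_specs && line.strip.empty?
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \((\S+)\)\s*\z/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end

# A version is vulnerable to an advisory unless it satisfies at least one
# of the advisory's patched_versions requirements.
def vulnerable?(version, advisory)
  advisory[:patched_versions].none? do |req|
    Gem::Requirement.new(req).satisfied_by?(version)
  end
end

# Return one finding per (gem, advisory) pair; an empty list means the audit passes.
def audit(lockfile_text, advisories = ADVISORIES)
  parse_lockfile(lockfile_text).flat_map do |name, version|
    (advisories[name] || [])
      .select { |adv| vulnerable?(version, adv) }
      .map { |adv| { gem: name, version: version.to_s, id: adv[:id], title: adv[:title] } }
  end
end

# Human-readable report, mirroring the shape of bundle audit's output.
def report(findings)
  lines = findings.map { |f| "#{f[:gem]} #{f[:version]}: #{f[:id]} - #{f[:title]}" }
  lines << (findings.empty? ? "No vulnerabilities found" : "Vulnerabilities found!")
  lines.join("\n")
end

puts report(audit(SAMPLE_LOCKFILE))
```

With the constructed data this reports examplegem 1.2.0 and othergem 3.4.5 and leaves safegem alone; bumping both gems to the patched versions in the lockfile makes the audit pass. The real bundle audit additionally exits non-zero when it finds something, which is what lets a CI job fail the build.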


There are services that will continuously monitor your running applications for libraries with known vulnerabilities. They are a much better solution for applications that are not under active development or that, for some other reason, go a long time between updates, because a check run only at deploy time will not catch advisories published afterwards.