Library Vulnerability Checks
Published: Dec 8th, 2020
This is part of Joyful Rails, a list of recommendations to make developing your Rails app more productive and joyful.
In this article, we are talking about checking for library vulnerabilities.
You should check for library vulnerabilities before creating a production environment.
As soon as you make your application available on the Internet, a vulnerability in one of the libraries you use can be used to compromise your application.
Use bundler-audit to check for known security vulnerabilities in your gems.
To install, add gem 'bundler-audit' to the development section of your Gemfile and run
To run the checks, use the command
Update any gems that are reported as vulnerable.
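As an added example (not code from the Joyful Rails post or from bundler-audit itself), the Ruby script below illustrates the check that bundler-audit performs: it reads the locked gem versions out of a Gemfile.lock and compares each one against advisories that list patched and unaffected version requirements, reporting the gems whose locked version falls in neither range. The lockfile fragment and the advisories are constructed sample data with placeholder identifiers; the version ranges say nothing about the real gems. bundler-audit itself takes its advisories from the ruby-advisory-db it downloads.

```ruby
# Added example, not code from the Joyful Rails post or from bundler-audit:
# a minimal version of the check bundler-audit performs. It reads the locked
# gem versions from a Gemfile.lock and compares each one against advisories
# that list patched and unaffected version requirements.
require "rubygems"

# Constructed Gemfile.lock fragment (sample data, not a real project's lockfile).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3.1)
        rack (~> 2.0, >= 2.0.8)
      nokogiri (1.10.9)
      rack (2.2.3)
      rails-html-sanitizer (1.3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 6.0.3.1)
LOCK

# Constructed advisories with placeholder identifiers. Real advisories come
# from the ruby-advisory-db that bundler-audit downloads; the version ranges
# below are made up for this example and say nothing about the real gems.
SAMPLE_ADVISORIES = [
  { gem: "nokogiri", id: "EXAMPLE-ADVISORY-1", patched_versions: [">= 1.11.0"] },
  { gem: "rack", id: "EXAMPLE-ADVISORY-2", patched_versions: ["~> 2.1.4", ">= 2.2.3"] },
  { gem: "rails-html-sanitizer", id: "EXAMPLE-ADVISORY-3",
    patched_versions: [">= 1.4.0"], unaffected_versions: ["< 1.0.0"] },
].freeze

# Parse the "specs:" block of a Gemfile.lock into { gem name => Gem::Version }.
# Gem entries sit at exactly four spaces of indent; the more deeply indented
# lines beneath them are dependency constraints, not locked versions, and are skipped.
def parse_lockfile_specs(lockfile_text)
  specs = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    # A blank line or an unindented section header (PLATFORMS, DEPENDENCIES) ends the block.
    in_specs = false if in_specs && (line.strip.empty? || !line.start_with?(" "))
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = Gem::Version.new(m[2])
    end
  end
  specs
end

# A locked version is vulnerable when it satisfies none of the advisory's
# unaffected_versions and none of its patched_versions, which mirrors how
# bundler-audit treats the two ranges in a ruby-advisory-db entry.
def vulnerable?(version, advisory)
  safe = Array(advisory[:unaffected_versions]) + Array(advisory[:patched_versions])
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Cross-check every advisory against the locked versions and collect findings.
def audit(lockfile_text, advisories)
  specs = parse_lockfile_specs(lockfile_text)
  advisories.each_with_object([]) do |advisory, findings|
    version = specs[advisory[:gem]]
    next unless version && vulnerable?(version, advisory)
    findings << { gem: advisory[:gem], version: version.to_s, advisory: advisory[:id] }
  end
end

# Human-readable summary of the findings.
def format_report(findings)
  return "No vulnerable gems found" if findings.empty?
  findings.map { |f| "#{f[:gem]} #{f[:version]} is affected by #{f[:advisory]}" }.join("\n")
end

puts format_report(audit(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES)) if $PROGRAM_NAME == __FILE__
```

With the sample data above, actionpack has no advisory, rack 2.2.3 satisfies one of its patched ranges, and nokogiri and rails-html-sanitizer are reported. In a real project the advisory data is the ruby-advisory-db checkout that bundler-audit maintains (refreshed with its "bundle audit update" subcommand), so the check is only as good as the last update; running it in CI on every build, and treating a non-zero exit as a failed build, is what catches an advisory published after the gem was locked.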
There are services that will monitor your running applications for libraries with known vulnerabilities. They are a much better solution for applications that are not under active development or that, for some other reason, go a long time between updates.