
Library Vulnerability Checks

Published: Dec 8th, 2020

This is part of Joyful Rails, a list of recommendations to make developing your Rails app more productive and joyful.

In this article, we are talking about checking for library vulnerabilities.

When

You should check for library vulnerabilities before creating a production environment.

Why

As soon as you make your application available on the Internet, a vulnerability in any of the libraries you use could be exploited to compromise your application.

How

Use bundler-audit to check for known security vulnerabilities in your gems.

To install, add gem 'bundler-audit' to the development section of your Gemfile and run bundle.

To run the checks, use the command bundle audit.

Update any gems with vulnerabilities.
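As an added example that is not part of the original article: a small Ruby script that reads the JSON report produced by bundle audit check --format json (recent versions of bundler-audit) and lists, per gem, the advisories that apply and the versions that fix them, so the "update any gems" step has a concrete target. The report shape, the gem names and the advisory ids are assumptions and placeholders constructed for this example.

```ruby
# Added example, not code from the article. Assumption: the report shape below
# (results of type "unpatched_gem" with "gem" and "advisory" keys, plus
# "insecure_source" entries) matches the JSON written by bundle audit.
require "json"

# Report constructed for this example so it runs offline; ids are placeholders.
SAMPLE_REPORT = <<~JSON
  {
    "version": "0.9.0",
    "results": [
      { "type": "insecure_source", "source": "http://gems.example.test/" },
      { "type": "unpatched_gem",
        "gem": { "name": "somegem", "version": "1.0.0" },
        "advisory": { "id": "EXAMPLE-0001", "patched_versions": [">= 1.0.3"] } },
      { "type": "unpatched_gem",
        "gem": { "name": "somegem", "version": "1.0.0" },
        "advisory": { "id": "EXAMPLE-0002", "patched_versions": ["~> 1.0.2", ">= 1.1.0"] } }
    ]
  }
JSON

# Group unpatched gems by name with the advisory ids that apply and the version
# constraints that fix them. Ids in `ignore` are skipped (like --ignore ID).
def upgrade_targets(report_json, ignore: [])
  JSON.parse(report_json).fetch("results").each_with_object({}) do |result, targets|
    next unless result["type"] == "unpatched_gem"
    advisory = result.fetch("advisory")
    next if ignore.include?(advisory["id"])
    gem_info = result.fetch("gem")
    entry = targets[gem_info["name"]] ||= { version: gem_info["version"], advisories: [], fixed_in: [] }
    entry[:advisories] << advisory["id"]
    entry[:fixed_in] |= Array(advisory["patched_versions"])
  end
end

# Gem sources not served over HTTPS; bundle audit flags these too, since gems
# fetched over plain HTTP can be tampered with in transit.
def insecure_sources(report_json)
  JSON.parse(report_json).fetch("results")
      .select { |r| r["type"] == "insecure_source" }.map { |r| r["source"] }
end

# True only when nothing remains once the ignore list is applied.
def audit_clean?(report_json, ignore: [])
  upgrade_targets(report_json, ignore: ignore).empty? && insecure_sources(report_json).empty?
end

upgrade_targets(SAMPLE_REPORT).each do |name, info|
  puts "#{name} #{info[:version]}: #{info[:advisories].join(', ')} -> fix: #{info[:fixed_in].join(' or ')}"
end
```

In CI, run bundle audit check --update first so the local copy of the advisory database is current before the report is generated.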

Alternatives

There are services that will monitor your running applications for libraries with known vulnerabilities. They are a much better solution for applications that are not under active development or that, for some other reason, go a long time between updates.