Snyk for Ruby
We scan Ruby projects by examining your Gemfile.lock and comparing the specific version of every direct and deep dependency in your project against our Ruby vulnerability database. We test all Bundler groups; currently you can’t exclude certain groups (such as test or development groups).
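The kind of lockfile check described above, as an added example (not Snyk's code): it reads the resolved versions from a Gemfile.lock, marks each gem as direct or deep using the DEPENDENCIES section, and matches versions against advisory ranges. The gem names, versions and advisory IDs are constructed placeholders, and the helper names parse_lockfile and audit are hypothetical.

```ruby
# Constructed Gemfile.lock; the gems and versions are placeholders.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      acme-web (2.1.0)
        acme-http (~> 1.4)
      acme-http (1.4.2)
        acme-parser (>= 0.9)
      acme-parser (0.9.5-x86_64-linux)
      acme-spec (3.0.1)

  DEPENDENCIES
    acme-web (~> 2.1)
    acme-spec
LOCK

# Constructed advisory data standing in for a vulnerability database.
ADVISORIES = [
  { id: "EXAMPLE-0001", gem: "acme-parser", vulnerable: ["< 0.9.7"] },
  { id: "EXAMPLE-0002", gem: "acme-spec",   vulnerable: [">= 3.0", "< 3.0.2"] },
  { id: "EXAMPLE-0003", gem: "acme-http",   vulnerable: ["< 1.4.0"] },
].freeze

# Returns [{gem name => Gem::Version}, [direct dependency names]].
def parse_lockfile(text)
  specs, direct, section = {}, [], nil
  text.each_line(chomp: true) do |line|
    if line =~ /\A[A-Z][A-Z ]*\z/ # section header: GEM, DEPENDENCIES, ...
      section = line
    elsif %w[GEM GIT PATH].include?(section) && line =~ /\A {4}(\S+) \(([^)]+)\)\z/
      # 4-space indent = resolved spec; 6-space lines are its constraints.
      specs[$1] = Gem::Version.new($2.split("-").first) # drop platform suffix
    elsif section == "DEPENDENCIES" && line =~ /\A {2}([^\s!]+)/
      direct << $1
    end
  end
  [specs, direct]
end

# Returns one finding per advisory whose range covers the locked version.
def audit(lockfile_text, advisories)
  specs, direct = parse_lockfile(lockfile_text)
  advisories.filter_map do |adv|
    version = specs[adv[:gem]]
    next if version.nil? || !Gem::Requirement.new(adv[:vulnerable]).satisfied_by?(version)
    { id: adv[:id], gem: adv[:gem], version: version.to_s,
      kind: direct.include?(adv[:gem]) ? :direct : :deep }
  end
end

audit(LOCKFILE, ADVISORIES).each { |finding| puts finding }
```

Gemfile.lock does not record which Bundler group a gem belongs to, so acme-spec is checked the same way as every other gem here.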
Currently we only support fixing Ruby projects through our GitHub integration. We fix by updating vulnerable gems, using bundle update, after modifying your Gemfile (sticking to the rules you have specified there as far as possible). This means that in some scenarios we won’t be able to upgrade all dependencies to non-vulnerable versions. In this case, you should consider updating the rules in your Gemfile. In future releases, we are planning to provide suggestions to make this easier.