[LRUG] Keeping track of new security vulnerabilities?
frederick.cheung at gmail.com
Fri Sep 20 02:11:53 PDT 2013
On 20 Sep 2013, at 10:07, Romek <romeks at gmail.com> wrote:
> To keep up with CVEs, don't do it yourself. Let NIST do it for you...
> So to install this -
> gem install bundler-audit
> to run it, navigate to the directory where the Gemfile.lock is stored:
> bundle-audit check
Very cool (assuming the database of vulnerabilities is up to date). To turn this problem on its head, people who maintain gems: where would you submit the info that a gem has been updated with a security release?
More than a few times I've found out about problems in smaller gems through Twitter - hardly ideal!