bundler-audit is a cool tool that verifies the gems bundled in your Gemfile.lock against known security vulnerabilities. I recommend running it in your projects regularly.

When I wanted to add security verification to the standard build pipeline in AirHelp's TeamCity, I needed to create a Dockerfile for it. Whether you like Docker or not, we use it for everything: every TeamCity job runs inside a container. Let's call it

Docker - the hard way

Not everything in Docker is simple, but luckily this one was not so hard. If you would like to check your gems, just run

docker run --rm -v "$PWD":/usr/src/app sebanpl/bundler-audit

from your project directory.

After a couple of seconds you will get the output of your Gemfile.lock verification. The command exits with return code 0 when no security problems are found and non-zero otherwise, so it is easy to integrate with continuous integration tools.
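To show what such a verification actually does under the hood (the lockfile parsing and the exit-code contract described above), here is an added example written for this post; it is not bundler-audit's own code and not the code inside the sebanpl/bundler-audit image. It parses the specs section of a Gemfile.lock the way Bundler's lockfile parser does, checks each locked version against a small advisory list, and returns 0 when nothing is vulnerable and 1 otherwise. The advisory entries, gem names and advisory ids are constructed placeholders, not real advisories; real ones come from the ruby-advisory-db that bundler-audit ships with.

```ruby
# Minimal Gemfile.lock checker mimicking bundler-audit (added example, not the tool's code).
require 'rubygems' # Gem::Version / Gem::Requirement

# Constructed advisories in the shape of ruby-advisory-db records.
# A version is vulnerable unless a patched or unaffected requirement matches it,
# which is the rule bundler-audit itself applies. Ids and ranges are placeholders.
ADVISORIES = [
  { gem: 'examplegem', id: 'EXAMPLE-ADVISORY-1', title: 'Placeholder advisory (constructed)',
    patched_versions: ['~> 1.2.5', '>= 1.3.1'], unaffected_versions: [] },
  { gem: 'unusedgem', id: 'EXAMPLE-ADVISORY-2', title: 'Gem not in lockfile (constructed)',
    patched_versions: ['>= 9.0.0'], unaffected_versions: [] }
].freeze

# Parse the "specs:" section into { gem name => Gem::Version }.
# Locked gems sit at exactly four spaces of indentation; six-space lines are
# dependency declarations and are skipped. A platform suffix such as
# "(0.9.0-x86_64-linux)" is split off the version like Bundler does.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    in_specs = false if line =~ /^\S/ # a new top-level section (PLATFORMS, ...) ends specs
    next unless in_specs
    if (m = line.match(/^    ([^\s(]+) \(([^-)\s]+)(?:-[^)]*)?\)\s*$/))
      gems[m[1]] = Gem::Version.new(m[2])
    end
  end
  gems
end

def vulnerable?(advisory, version)
  safe = advisory[:patched_versions] + advisory[:unaffected_versions]
  safe.none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# Returns one finding per advisory that applies to a locked gem version.
def audit(lock_text, advisories = ADVISORIES)
  gems = parse_lockfile(lock_text)
  advisories.select { |adv| gems.key?(adv[:gem]) && vulnerable?(adv, gems[adv[:gem]]) }
            .map { |adv| { gem: adv[:gem], version: gems[adv[:gem]].to_s, id: adv[:id], title: adv[:title] } }
end

# Same contract as bundler-audit: 0 when clean, non-zero when anything is vulnerable.
def exit_status(findings)
  findings.empty? ? 0 : 1
end

# Constructed sample lockfile used when no path is given on the command line.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.3)
        otherlib (>= 0)
      otherlib (2.0.0)
      safegem (0.9.0-x86_64-linux)

  PLATFORMS
    ruby

  DEPENDENCIES
    examplegem

  BUNDLED WITH
     2.4.10
LOCK

if __FILE__ == $PROGRAM_NAME
  lock = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  findings = audit(lock)
  findings.each { |f| puts "#{f[:gem]} #{f[:version]}: #{f[:id]} #{f[:title]}" }
  puts 'No vulnerabilities found' if findings.empty?
  puts "exit status: #{exit_status(findings)}"
end
```

Run it as `ruby audit_example.rb path/to/Gemfile.lock`; a CI step can key off the status value the same way it keys off the Docker command's return code.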

If you would like to get the details