Keep your Ruby application optimized and secure by knowing what gems have updates.

SourceNinja/sourceninja-ruby

What is SourceNinja?

SourceNinja is an awesome service that allows you to stay informed of updates to the open source packages that your application uses. When a newer version of a package is released, SourceNinja alerts you and gives you actionable information to help you determine whether you should upgrade to the newer package.

Visit SourceNinja to learn more.

What is the sourceninja gem?

The sourceninja gem can be included in your Rails application to allow seamless integration with SourceNinja. It sends SourceNinja the list of gem names and gem versions that you are using, so that SourceNinja can begin managing your open source libraries.

In a non-Rails environment, a script is included for processing a Gemfile.lock and uploading it to SourceNinja.

Getting Started

  1. Create a SourceNinja account.

  2. Log into SourceNinja and create a product. The product you create will be paired with your application.

  3. After you create a product, you will be directed to a page asking what language your application is running. Select Rails from the menu on the left side.

  4. You will be presented with two values. You'll need both of them later.

    SOURCENINJA_TOKEN="50a336d92da8ddea1ae0a6c0d06a172"
    SOURCENINJA_PRODUCT_ID="477fcfa7-765a-4b91-b6a5-2ebe4c4f9d58"
    
  5. Install the sourceninja gem. You can do this by adding the following line to your Gemfile.

    gem "sourceninja", "~> 0.0.6"
    
  6. Run bundle install.

Rails environment - Testing

  1. In order to automate the process of uploading module information from your Rails environment, you can create an initializer script to configure how your Rails application will send information to SourceNinja.

Contents of config/initializers/sourceninja.rb:

    # Testing only: hard-coded fallbacks, used when the variables are not already set.
    ENV["SOURCENINJA_TOKEN"]      ||= "50a336d92da8ddea1ae0a6c0d06a172"
    ENV["SOURCENINJA_PRODUCT_ID"] ||= "477fcfa7-765a-4b91-b6a5-2ebe4c4f9d58"

The values that you set in this initializer script should be the ones presented to you in step 4, above.

Now each time your Rails application starts, the sourceninja gem runs and sends data to SourceNinja. If you visit your SourceNinja page, you will be given a list of outdated gems.

You could also use these steps if you want to manage a production instance and a development instance.

Note: DO NOT DO THIS FOR PRODUCTION. No configuration file containing sensitive information should ever be required within the application source; required config values should be read in from the ENV by supported libraries.

Rails environment - Production

  1. Configure environment variables for SOURCENINJA_TOKEN and SOURCENINJA_PRODUCT_ID using the values from step 4, above.

Non-Rails environment

  1. Included in the gem is a script, sourceninja, that you may run to have it upload information to SourceNinja directly from your Gemfile.lock.

  2. You will need the SOURCENINJA_TOKEN and SOURCENINJA_PRODUCT_ID values from step 4, above.

  3. Run the script with -h to see this output:

    Usage: sourceninja -t <sourceninja_account_token> -p <sourceninja_product_id> [-f Gemfile.lock]
        -f, --filename FILE              Gemfile.lock file to process
        -h, --help                       Display this screen
        -p, --product_id PRODUCT_ID      SourceNinja Product ID
        -t, --token TOKEN                SourceNinja API Key Token
        -v, --verbose                    Output more information
    
  4. Run the script using -p, -f, and -t to pass along the correct configuration information to SourceNinja.

  5. Now you can log in to your SourceNinja account and review your project's information.
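
Since the script reads a Gemfile.lock and the gem list is sent to a third-party service, it is worth previewing which gem names and versions that file contains before uploading. The Ruby below is an added example, not code from the sourceninja gem: `lockfile_inventory`, `non_registry_gems` and the sample lockfile are hypothetical names and constructed data, and the reader assumes the standard Gemfile.lock section layout.

```ruby
# Added example: list what a Gemfile.lock inventory contains before uploading it.
# Hand-written lockfile reader; it never calls the sourceninja gem or service.
SOURCE_SECTIONS = %w[GEM GIT PATH].freeze
# Returns [{name:, version:, source:, remote:}, ...] for every locked gem.
def lockfile_inventory(text)
  section = remote = nil
  in_specs = false
  entries = []
  text.each_line(chomp: true) do |line|
    case line
    when /\A([A-Z][A-Z ]*)\z/          # section header at column 0
      section = SOURCE_SECTIONS.include?($1) ? $1 : nil
      remote = nil
      in_specs = false
    when /\A  remote: (.+)\z/
      remote = $1 if section
    when /\A  specs:\z/
      in_specs = !section.nil?
    when /\A    (\S+) \(([^)]+)\)\z/   # 4 spaces = locked gem; 6 = its dependency
      entries << { name: $1, version: $2, source: section, remote: remote } if in_specs
    end
  end
  entries
end

# Gems locked from GIT or PATH sources are often internal code: review these
# names before sending the inventory to a third party.
def non_registry_gems(entries)
  entries.reject { |e| e[:source] == "GEM" }.map { |e| e[:name] }
end

# Constructed sample lockfile (hypothetical gems and URL, not from the project).
SAMPLE_LOCK = <<~LOCK
  GIT
    remote: https://git.example.invalid/acme/billing-core.git
    revision: 0000000000000000000000000000000000000000
    specs:
      billing-core (1.4.0)
        rack (>= 2.0)

  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.3)

  DEPENDENCIES
    billing-core!
LOCK
lockfile_inventory(SAMPLE_LOCK).each { |e| puts e.values_at(:name, :version, :source).join(" ") }
```

To check a real project, pass `File.read("Gemfile.lock")` to `lockfile_inventory` instead of the sample.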

Support

Feel free to email us at support at sourceninja dot com if you have any questions or issues.
