Code Climate bundler-audit Engine

codeclimate-bundler-audit is a Code Climate engine that wraps bundler-audit. You can run it on your command line using the Code Climate CLI, or on our hosted analysis platform.

bundler-audit offers patch-level verification for Bundler.
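
To make "patch-level verification" concrete, here is an added Ruby example (not code from this engine or from bundler-audit) that compares the exact versions pinned in a Gemfile.lock against advisory version requirements. The lockfile, gem names and advisory IDs are constructed; the `patched_versions` and `unaffected_versions` field names are modelled on the ruby-advisory-db entry format.

```ruby
# Constructed sample Gemfile.lock; gem names and versions are made up.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.3)
        helpergem (~> 2.0)
      helpergem (2.0.5)
      safegem (4.1.0)

  DEPENDENCIES
    examplegem
    safegem
LOCK

# Constructed advisories (placeholder IDs, not real CVEs).
ADVISORIES = [
  { id: "EXAMPLE-0001", gem: "examplegem",
    patched_versions: ["~> 1.2.4", ">= 1.3.1"], unaffected_versions: ["< 1.0.0"] },
  { id: "EXAMPLE-0002", gem: "helpergem",
    patched_versions: [">= 2.0.5"], unaffected_versions: [] }
].freeze

# Resolved gems sit at exactly four spaces of indent under "specs:";
# their dependency constraints are indented six and are skipped.
def locked_gems(lockfile_text)
  lockfile_text.scan(/^ {4}(\S+) \(([^)\s-]+)[^)]*\)$/)
               .to_h { |name, version| [name, Gem::Version.new(version)] }
end

# Each entry may hold comma-separated constraints, e.g. ">= 1.0, < 2.0".
def satisfied_by_any?(requirements, version)
  requirements.any? { |r| Gem::Requirement.new(*r.split(",")).satisfied_by?(version) }
end

# A locked gem is flagged when its pinned version is neither patched
# nor listed as unaffected by an advisory for that gem.
def audit(lockfile_text, advisories)
  gems = locked_gems(lockfile_text)
  hits = advisories.select do |adv|
    version = gems[adv[:gem]]
    version && !satisfied_by_any?(adv[:patched_versions], version) &&
      !satisfied_by_any?(adv[:unaffected_versions], version)
  end
  hits.map { |adv| "#{adv[:gem]} #{gems[adv[:gem]]} (#{adv[:id]})" }
end

puts audit(SAMPLE_LOCKFILE, ADVISORIES)
```

Only `examplegem` is reported: it is pinned one patch release below the fixed `1.2.4`, while `helpergem` is already at its patched version.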

Installation

  1. If you haven't already, install the Code Climate CLI.
  2. Run codeclimate engines:enable bundler-audit. This command both installs the engine and enables it in your .codeclimate.yml file.
  3. You're ready to analyze! Browse into your project's folder and run codeclimate analyze.

Configuration

By default, bundler-audit will look for a Gemfile.lock file in the root of your project. Optionally configure Code Climate to look at a different path:

plugins:
  bundler-audit:
    enabled: true
    config:
      path: optional/path/to/Gemfile.lock

Updating the vulnerability database

If you want to update the vulnerability database, run

make update_database

Need help?

For help with bundler-audit, check out their documentation.

If you're running into a Code Climate issue, first look over this project's GitHub Issues, as your question may have already been covered. If not, go ahead and open a support ticket with us.