Skip to content

diffend-io/bundler-integrity

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

bin

bin

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

bundler-integrity.gemspec

bundler-integrity.gemspec

 
 

demo-img.png

demo-img.png

 
 

Repository files navigation

Bundler Integrity

This is a gem that runs Bundler checksum integrity checks against RubyGems API.

It allows to detect packages that were tampered with or replaced via cache poison or replaced.

It uses correct SHA checksums from the RubyGems API, so if anything happened "in between" it should be detected.

No warranties whatsoever.

Usage

For local you can add bundler-integrity to your gemfile (recommended):

bundle add bundler-integrity
bundle install
# And run this to verify integrity of your local installation
bundle exec bundler-integrity

demo shell example

Exporting data

You can also export the expected checksums with the gems package names, so you can compare that on multiple servers without having to install this package everywhere.

To do so, install bundler-integrity on one of the machines as stated above and run:

bundle exec bundler-integrity export

to get list of all the expected checksums for all the packages.

Created by

Maciej Mensfeld and WhiteSource :)

About

Checksum integrity verifier for RubyGems and Bundler

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

27 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages