Skip to content

Add audit bundler to CI

Nina requested to merge audit-bundler into master

This commit adds a bundler-audit job on gitlab ci. With this step bundler-audit will:

  • Check for vulnerable versions of gems in Gemfile.lock.

  • Check for insecure gem sources (http://).

bundler-audit uses the ruby-advisory-db - a db for vulnerable ruby gems.

To see the current result of the check, see: https://0xacab.org/schleuder/schleuder-cli/-/jobs/27713

allow_failures is set to true. This way the rest of the CI suite is not affected by failures, merges can be made, but a warning is displayed.

Edited by georg

Merge request reports