
I want to use bundler-audit for auditing my Gemfile.lock, but I have my own gems repository. When I run

```
bundler-audit
```

it always gives me this error or notification:

```
Insecure Source URI found: http://gems.repository.cu/
Unpatched versions found!
```

Then, how do I tell bundler-audit that I want to check from an insecure source?

Is it possible?

Robert
  • From the source code it seems it also checks gems from insecure sources; it just displays a warning on the console that it found an insecure source. – nemesv Jan 24 '15 at 15:32
  • But it is a red warning!! And it also shows `Unpatched versions found!`. What is it? – Robert Jan 26 '15 at 13:21
  • The latest version of bundler-audit is not released yet, and this is a bug in the old version. It should display "Insecure Source URI found: http://gems.repository.cu/" in yellow and "Vulnerabilities found!" in red. It means that it checked all your gems and found no other problems, but it saw the http gem source, so it displayed this warning. – nemesv Jan 27 '15 at 08:08
  • What is the latest version? I am using: `bundler-audit (0.3.1)` – Robert Jan 27 '15 at 12:39
  • 0.3.1 is the latest version. The version (https://github.com/rubysec/bundler-audit/commit/8a85b9cb256c77d630c98db44c0e4bba02ea2b53) I've mentioned is not released yet. – nemesv Jan 27 '15 at 12:44
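
To see which `remote:` entries in a Gemfile.lock are fetched without transport encryption, the kind of source the warning in the question refers to, here is an added example that is not part of the original thread and is not bundler-audit's own code. The sample lockfile is constructed (only the `http://gems.repository.cu/` remote comes from the question), and `insecure_sources` and `INSECURE_SCHEMES` are hypothetical names.

```ruby
# Constructed sample Gemfile.lock; gem names, the GIT remote and the
# all-zero revision are placeholders.
SAMPLE_LOCKFILE = <<~LOCK
  GIT
    remote: git://github.com/example/widget.git
    revision: 0000000000000000000000000000000000000000
    specs:
      widget (0.1.0)

  GEM
    remote: http://gems.repository.cu/
    remote: https://rubygems.org/
    specs:
      rack (1.6.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    widget!
LOCK

# Assumption of this example: schemes treated as plaintext per lockfile section.
INSECURE_SCHEMES = { 'GEM' => %w[http], 'GIT' => %w[http git] }.freeze

# Returns [[section, uri], ...] for each remote fetched over a plaintext scheme.
def insecure_sources(lockfile_text)
  section = nil
  findings = []
  lockfile_text.each_line do |line|
    if (m = line.match(/\A([A-Z][A-Z ]*?)\s*\z/))
      section = m[1] # unindented upper-case line starts a new section
    elsif (m = line.match(/\A\s+remote:\s*(\S+)/))
      # scp-style remotes (git@host:path) have no scheme and are not flagged
      scheme = m[1][%r{\A([a-z][a-z0-9+.-]*)://}i, 1].to_s.downcase
      findings << [section, m[1]] if INSECURE_SCHEMES.fetch(section, []).include?(scheme)
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  insecure_sources(SAMPLE_LOCKFILE).each do |section, uri|
    puts "#{section} source without transport encryption: #{uri}"
  end
end
```

Gems from such a remote can be modified in transit, so a clean advisory check on the lockfile says nothing about what was actually downloaded.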

0 Answers