FOSSA supports Ruby through
When Ruby code is imported, FOSSA will find and run any
*.gemspec files and monitor dependency activity.
Gemfile.lock is present, FOSSA will prefer that for dependency information.
Provided Builds relies on
fossa-cli. To get started, install the latest release of
fossa-cli from our GitHub releases page:
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash
fossa init in your code directory should bootstrap configuration for your Ruby project.
In CI/CD Scanning for Ruby,
fossa will rely on the output of
bundle list to determine what was installed in your build environment.
View extended documentation here.
FOSSA supports fetching private Gems from custom or authenticated sources.
You can configure FOSSA's access to private Gem sources in your Ruby Language Settings found at Account Settings > Languages > Ruby:
Configuring Private RubyGem Sources
Once configured, FOSSA will be able to resolve any previously unreachable Gems.
For basic metadata, FOSSA will parse or evaluate all available metadata files for license and authorship information. This includes
Since source is generally accessible, FOSSA supports full code auditing on RubyGems and will run license scans / code analysis across all files in a given Gem.
Updated 3 months ago