jfrog / jfrog-cli

JFrog CLI is a client that provides a simple interface that automates access to the JFrog products.
https://www.jfrog.com/confluence/display/CLI/JFrog+CLI
Apache License 2.0
530 stars 227 forks

jf audit support for rubygems #2053

Open naveen2097 opened 1 year ago

naveen2097 commented 1 year ago

As part of shift-left security, one of our customers wants to utilize the jf audit command to scan Xray-supported packages. Among these, they are keenly interested in scanning RubyGems packages.

From this documentation, I see that support for RubyGems is missing.

Internal JFrog Support Ticket # 256930

alexanderjohn commented 7 months ago

Please promote this up. We 100% need this. The alternative scan does not offer any help:

jf scan --fixable-only --watches 'watch-default' vendor/bundle/ruby/3.1.0/cache/*.gem

It responds with no vulnerabilities, and I have heavy doubts that this is true, based on how old the projects our company works on are.