Analyses your Gemfile.lock for dependency health across the full transitive graph: whether each gem is actively maintained (last activity on GitHub, GitLab, or Codeberg/Forgejo, plus release recency), outdated versions, archived repos, OpenSSF Scorecard scores, known vulnerabilities (deps.dev merged with ruby-advisory-db), and libyear drift. It also reports Ruby version freshness with EOL detection. Handles rubygems, git, path, GitHub Packages, and JFrog Artifactory sources. Outputs coloured terminal tables, markdown, JSON (with a versioned, contract-tested schema), SARIF for GitHub code scanning, and a CycloneDX SBOM. Provides CI quality gates (--fail-if-critical / -warning / -vulnerable / -outdated) with granular, committed suppression via .still_active.yml. A comprehensive alternative to running bundle outdated, bundler-audit, and libyear-bundler separately.
Required Ruby Version
>= 3.3.0
Authors
Sean Floyd
Versions
- 2.0.0 June 14, 2026 (76 KB)
- 1.6.0 June 08, 2026 (48.5 KB)
- 1.5.0 May 23, 2026 (45 KB)
- 1.4.2 May 22, 2026 (36 KB)
- 1.4.1 May 22, 2026 (35.5 KB)