Show HN: GemGuard: Ruby gem to scan and auto-fix vulnerable dependencies

2 points by wilburhimself 11 hours ago

Hi HN,

I’m the creator of GemGuard, an open source Ruby tool aimed at improving supply chain security for Ruby projects.

Ruby developers often trust their Gemfile.lock without much scrutiny, but issues like typosquatting, unpatched vulnerabilities, and lack of SBOM (Software Bill of Materials) generation remain significant risks.

GemGuard helps by:

- Scanning your Gemfile.lock against OSV.dev and Ruby Advisory Database CVEs
- Detecting suspicious typosquatted gems with fuzzy string matching
- Generating SPDX and CycloneDX SBOMs for compliance and transparency
- Offering an auto-fix command that safely upgrades vulnerable gems and backs up your lockfile
- Integrating easily with CI/CD workflows for continuous security

It’s lightweight, Ruby-first, and designed to be part of your normal dev workflow, not an afterthought.

You can check it out here:
GitHub: https://github.com/wilburhimself/gem_guard
RubyGems: https://rubygems.org/gems/gem_guard

I’m open to feedback, critiques, and contributions. If you try it, I’d love to hear how it works for your projects or any gaps you discover.

Thanks for reading!
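As an added illustration of the typosquat check described in the post, the snippet below parses a Gemfile.lock and flags top-level dependency names that sit within a small edit distance of a well-known gem without being that gem. This is example code written for this page, not GemGuard's own implementation; the lockfile contents and the KNOWN_GEMS allow-list are constructed.

```ruby
# Constructed Gemfile.lock fragment: "nokogiri", "rails" and "sidekiq" are real
# gem names; "nokogirl" and "railz" are made-up look-alikes for illustration.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.0)
        racc (~> 1.4)
      nokogirl (0.0.1)
      rails (7.1.3)
      railz (1.0.0)
      sidekiq (7.2.0)

  PLATFORMS
    ruby
LOCK

# Assumed allow-list of well-known gems; a real tool would use a larger, curated set.
# Legitimate gems that are close to each other (rack/rake) must both be listed,
# because anything on the list is never flagged.
KNOWN_GEMS = %w[nokogiri rails rack rake puma].freeze
MAX_DISTANCE = 2

# Top-level entries under "specs:" are indented exactly four spaces and end in
# " (version)"; transitive dependencies are indented six and are skipped.
def lockfile_gem_names(text)
  text.scan(/^ {4}([\w.\-]+) \(/).flatten.uniq
end

# Standard Levenshtein edit distance with a rolling single row of the DP table.
def levenshtein(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca == cb ? 0 : 1)].min
    end
    prev = cur
  end
  prev.last
end

# Returns { suspicious_name => nearest_known_gem } for names that are not on the
# allow-list but are within MAX_DISTANCE edits of one.
def suspicious_gems(lockfile_text, known = KNOWN_GEMS, max_distance = MAX_DISTANCE)
  lockfile_gem_names(lockfile_text).each_with_object({}) do |name, out|
    next if known.include?(name)
    nearest = known.min_by { |k| levenshtein(name, k) }
    out[name] = nearest if levenshtein(name, nearest) <= max_distance
  end
end

suspicious_gems(SAMPLE_LOCKFILE).each { |bad, good| puts "#{bad} looks like #{good}" }
```

A distance threshold this low keeps false positives manageable but still needs a human in the loop; a hit means "review this dependency", not "this is malicious".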