Scan a Ruby Project for Upgrade Drift
Scan a Ruby project with Vibgrate CLI to get a DriftScore across Bundler gems, export SARIF, and add a fail-on gate for CI.
Ruby projects manage gems with Bundler, pinning versions in Gemfile.lock. Those versions drift behind upstream releases over time. Vibgrate CLI detects the Ruby ecosystem, scans your Gemfile and lockfile, and reports a DriftScore so you can keep gems current.
Prerequisites
- A Ruby project with
GemfileandGemfile.lock - Vibgrate CLI installed, or use the no-install form
Steps
1. Install the CLI
npm i -g @vibgrate/cli
Or try it without installing:
npx @vibgrate/cli scan
2. Scan the project
From the project root:
vg
Vibgrate detects Ruby from your Gemfile and lockfile and reports drift findings by severity.
3. Read the DriftScore
The DriftScore (0-100) summarizes accumulated upgrade risk. Review high-severity findings first to plan gem updates.
4. Export SARIF
Emit SARIF for code-scanning dashboards:
vg scan --format sarif --out vibgrate.sarif
5. Add a fail-on gate
Fail the run when error-level drift appears:
vg scan --fail-on error
Verification
Confirm a DriftScore and findings printed, and that vibgrate.sarif exists. With --fail-on error, check echo $? to confirm the gate exits non-zero on high-severity drift.
Next Steps
Create a baseline with vg baseline to track drift across releases, and explore the Breaking Change scanner for gems known to cause upgrade pain.