Skip to main content

Scan a Ruby Project for Upgrade Drift

Scan a Ruby project with Vibgrate CLI to get a DriftScore across Bundler gems, export SARIF, and add a fail-on gate for CI.

Difficulty
Beginner
Duration
15 minutes
Steps
5

Ruby projects manage gems with Bundler, pinning versions in Gemfile.lock. Those versions drift behind upstream releases over time. Vibgrate CLI detects the Ruby ecosystem, scans your Gemfile and lockfile, and reports a DriftScore so you can keep gems current.

Prerequisites

  • A Ruby project with Gemfile and Gemfile.lock
  • Vibgrate CLI installed, or use the no-install form

Steps

1. Install the CLI

npm i -g @vibgrate/cli

Or try it without installing:

npx @vibgrate/cli scan

2. Scan the project

From the project root:

vg

Vibgrate detects Ruby from your Gemfile and lockfile and reports drift findings by severity.

3. Read the DriftScore

The DriftScore (0-100) summarizes accumulated upgrade risk. Review high-severity findings first to plan gem updates.

4. Export SARIF

Emit SARIF for code-scanning dashboards:

vg scan --format sarif --out vibgrate.sarif

5. Add a fail-on gate

Fail the run when error-level drift appears:

vg scan --fail-on error

Verification

Confirm a DriftScore and findings printed, and that vibgrate.sarif exists. With --fail-on error, check echo $? to confirm the gate exits non-zero on high-severity drift.

Next Steps

Create a baseline with vg baseline to track drift across releases, and explore the Breaking Change scanner for gems known to cause upgrade pain.

Prerequisites

  • A Ruby project with Gemfile and Gemfile.lock
  • Vibgrate CLI installed

Steps

  • 1
    Install the CLI
  • 2
    Scan the project
  • 3
    Read the DriftScore
  • 4
    Export SARIF
  • 5
    Add a fail-on gate

Category

Vibgrate