Ruby (Beta)
This article shows you how to analyze your applications written in Ruby using preZero. It assumes that you have already set up and authenticated with Qwiet.
Requirements
See Prerequisites for more information.
Analyzing your Ruby application
Qwiet offers a sample application that you can use to run and test preZero. It also includes a functioning configuration file to demonstrate how you can leverage GitHub Actions to automate code analysis whenever you open a new Pull Request (PR).
To analyze your Ruby application, run:
sl analyze --app <name> --ruby <path>
| Parameter | Description |
|---|---|
| --app <name> | The name of the application to be analyzed (maximum length: 100 characters) |
| --ruby | The flag identifying the application's language |
| <path> | The path to your project. If you're executing sl analyze in the package's directory, you can pass in a shorthand such as a single dot (.). You can also use /<absolute-path-of-directory-of-package> or ./... (current project and sub-projects). |
See the CLI reference for additional sl analyze options.
Scanning for open-source vulnerabilities
For SCA, Qwiet looks for information about open-source packages in the project path you provided when running sl analyze. Depending on how your project repo is structured, you may also need to provide an additional configuration option so that Qwiet preZero can identify where your dependencies are located. For example, if you're running sl analyze for a package other than ., use --oss-project-dir <project-dir> to specify the location of the <project-dir> directory where Gemfile or Gemfile.lock is located.
Sample usage
sl analyze --app shiftleft-ruby-demo --ruby .
Additional parameters
The analysis accepts additional parameters after a double hyphen (--).

| Additional parameter | Description |
|---|---|
| --exclude | Exclude packages by exact match on full package path |
| --exclude-regex | Exclude packages with paths matching the given regular expression |
Such parameters, if valid, are passed directly to the Ruby analyzer.
Sample usage of additional parameters
To ignore a specific file like lib/encryption.rb from the analysis:
sl analyze --app <name> --ruby [<path>] -- --exclude 'lib/encryption.rb'
Tagging results with your branch name
To include the branch name in your preZero results, allowing you to distinguish one set of results from another, add the following to your invocation of Qwiet:
sl analyze --tag branch=$(git symbolic-ref --short HEAD)
If you're working in a GitHub environment (e.g., GitHub Actions), you can also use --tag branch=${{ github.head_ref }} to populate your branch name.
If you don't provide a branch name, but Qwiet detects one available in your environment, it will use that name.
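The following CI wrapper is an added example, not Qwiet's own code, that ties together the options described above: it resolves the branch tag from GITHUB_HEAD_REF (GitHub Actions) or from git, locates the Gemfile to decide whether --oss-project-dir is needed, and appends an --exclude-regex after the double hyphen. It only assembles and prints the sl analyze command line for review; the app name, paths and regex in the usage are constructed sample values.

```shell
#!/usr/bin/env sh
# Constructed wrapper around `sl analyze --ruby` (example code, not Qwiet's).
# Resolves the branch tag, finds the Gemfile directory, and builds the command.

# Print the branch name to tag results with, or nothing if none can be found:
# GitHub Actions exposes the PR source branch as GITHUB_HEAD_REF; otherwise
# fall back to `git symbolic-ref --short HEAD` as the page suggests.
resolve_branch() {
  if [ -n "${GITHUB_HEAD_REF:-}" ]; then
    printf '%s\n' "$GITHUB_HEAD_REF"
  else
    git symbolic-ref --short HEAD 2>/dev/null || true
  fi
}

# Print the directory (scan root or one level below it) that holds a Gemfile
# or Gemfile.lock, so --oss-project-dir can point SCA at the dependencies.
find_gem_dir() {
  root=$1
  if [ -f "$root/Gemfile" ] || [ -f "$root/Gemfile.lock" ]; then
    printf '%s\n' "$root"; return 0
  fi
  for d in "$root"/*/; do
    if [ -f "${d}Gemfile" ] || [ -f "${d}Gemfile.lock" ]; then
      printf '%s\n' "${d%/}"; return 0
    fi
  done
  return 1
}

# Build the sl analyze command line without running it.
# Usage: build_sl_cmd <app-name> <path> [exclude-regex]
build_sl_cmd() {
  app=$1; path=$2; exclude=${3:-}
  cmd="sl analyze --app $app --ruby $path"
  branch=$(resolve_branch)
  [ -n "$branch" ] && cmd="$cmd --tag branch=$branch"
  gemdir=$(find_gem_dir "$path") || gemdir=""
  # Only needed when the Gemfile is not at the path being scanned.
  if [ -n "$gemdir" ] && [ "$gemdir" != "$path" ]; then
    cmd="$cmd --oss-project-dir $gemdir"
  fi
  # Analyzer-specific options go after the double hyphen.
  [ -n "$exclude" ] && cmd="$cmd -- --exclude-regex '$exclude'"
  printf '%s\n' "$cmd"
}

# Sample invocation with constructed values (prints the command to run).
build_sl_cmd shiftleft-ruby-demo . 'lib/encryption\.rb'
```

Pipe the printed line into sh (or wrap it in eval) once you have confirmed it matches the invocation you expect.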
Troubleshooting
If you have any issues scanning your project, please see our general troubleshooting page.