RubyGems - appcanary - Versions diffs - 0.1.2 → 0.1.3 - Mend

appcanary 0.1.2 → 0.1.3

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +20 -4
data/lib/appcanary/http.rb +1 -1
data/lib/appcanary/tasks/appcanary/check.rake +12 -2
data/lib/appcanary/version.rb +1 -1
metadata +3 -4
data/.travis.yml +0 -5

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 96de267898e55b67de4bd2f10c794548b559725c
-  data.tar.gz: 57731358db822db9c9843866a7de38dc26e875fd
+  metadata.gz: 284939affc1454e5a6d28abe108b4c9949288c2e
+  data.tar.gz: 59b656003a5ac8a4533377757197d79d25ca1784
 SHA512:
-  metadata.gz: fc2d60a3ab2bc5c1e290c6aed16454e6f2f1e7a7e28778bcfdb5645aecf22b60ccab6d1691a63c2af149cfd3b1cf8ecdb09a4eafb020e5b97f2706fbe9bd6ce9
-  data.tar.gz: e0cff42089de63d3c3931951a7a319a522b3a34a26bae473bed4c6f0a95fca8d9d12fa5cd92d476131375cd4f1c11f215a4da20a7b49e400e58ce241f77f4225
+  metadata.gz: 201fd68b7ef60153da6d237043726f558c04ad23fcc430f1090def068ce5880c2982b1f5307d26feb6396121fd5415233675b9628e2a8a22a84e74c18f4b407f
+  data.tar.gz: a3f711c3e6997fe909af3225404472f7f4e27499b5daff2710a83e07e11292a1fd69788a2f639565aeacf5977c2c1af77d8a89b36e586c4871b68333dc530bb7

data/README.md CHANGED

@@ -2,7 +2,7 @@
 [![CircleCI](https://circleci.com/gh/appcanary/appcanary.rb.svg?style=svg)](https://circleci.com/gh/appcanary/appcanary.rb)
-[Appcanary](https://appcanary.co) is a service which keeps track of which
+[Appcanary](https://appcanary.com) is a service which keeps track of which
 versions of what packages are vulnerable to which security vulnerabilities, so
 you don't have to.
@@ -17,7 +17,7 @@ These instructions will get you going on CircleCI with a rails project.
 First, add the appcanary gem to your Gemfile:
 ```ruby
-gem "appcanary", :git => "https://github.com/appcanary/appcanary.rb"
+gem "appcanary"
 ```
 `bundle install` it to update your `Gemfile.lock`.
@@ -31,7 +31,7 @@ Appcanary.api_key = ENV["APPCANARY_API_KEY"] || "api key not set"
 Now, add the following lines to your `circle.yml` file:
 ```yaml
-dependencies:
+test:
   # [ ... other dependency bits elided ... ]
   post:
     # outputs CVEs and references
@@ -79,7 +79,7 @@ end
 ```
 This config style is perhaps best suited to use an initializer file in rails
-projects.
+projects. We suggest `config/initializers/appcanary.rb` as a good spot for that.
 Here's a static configuration which is a bit less railsish:
@@ -124,6 +124,22 @@ base_uri: "https://appcanary.com/api/v3"
 monitor_name: "my_monitor"
 ```
+### Heroku
+For Heroku rails deployments, everything should really "just work".
+1. Include the `appcanary` gem in your `Gemfile` - see previous section.
+2. Ensure you have the `api_key` set to `ENV["APPCANARY_API_KEY"]` - see previous section.
+3. Set the env var like this: `heroku config:set APPCANARY_API_KEY=xxxx -a yorapp`, where `yorapp` is replaced with the name of your Heroku application.
+4. Once deployed, try `heroku run rake appcanary:check` to verify your dependencies.
+5. Optionally, set up a regular monitor update using the heroku scheduler:
+  1. `heroku addons:create scheduler:standard` - creates a new scheduler service instance, attached to your application.
+  2. `heroku addons:open scheduler` - opens a browser window on the scheduler service UI.
+  3. Add a job that executes `rake appcanary:update_monitor` - the scheduler UI makes how to do this obvious (at the time of writing).
+Steps 1 and 2 are exactly as described in previous sections. This should get you
+going with a rails deployment on Heroku.
 ## Configuration
 As we've seen, you can configure the appcanary gem several different ways. All

data/lib/appcanary/http.rb CHANGED

@@ -32,7 +32,7 @@ module Appcanary
       end
       unless %w[200 201].include? resp.code.to_s
-        raise ServiceError.new("Failed to ship file to Appcanary: #{resp}")
+        raise ServiceError.new("Failed to ship file to Appcanary: #{resp.message}")
       end
       JSON.parse(resp.body)

data/lib/appcanary/tasks/appcanary/check.rake CHANGED

@@ -4,11 +4,21 @@ require "rake"
 def run_check
   response = Appcanary.check
   if response["meta"]["vulnerable"]
+    puts "This app has security vulnerabilities.\n\n"
+    puts "You should upgrade the following packages:"
+    puts response["data"].map { |p| p["attributes"]["name"] }.uniq
+    puts "\n\n"
+    puts "Due to the following vulnerabilities:"
     response["included"].map do |vuln|
-      vuln["attributes"]["reference-ids"]
+      vuln["id"]
     end.flatten.uniq.each do |ref|
-      puts ref
+      puts "https://appcanary.com/vulns/#{ref}"
     end
+    exit 1
   end
 rescue => e
   puts e

data/lib/appcanary/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Appcanary
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: appcanary
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - J Irving
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-10 00:00:00.000000000 Z
+date: 2017-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multipart-post
@@ -104,7 +104,6 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".travis.yml"
 - Gemfile
 - README.md
 - Rakefile
@@ -140,7 +139,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Check your dependencies against Appcanary's database.

data/.travis.yml DELETED

@@ -1,5 +0,0 @@
-sudo: false
-language: ruby
-rvm:
-  - 2.3.3
-before_install: gem install bundler -v 1.13.6