gem_guard 0.1.0 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7210ff3d709b761cf8aa01e0c5d770f61b2801d9a9603e2608451f782aa23fb
-  data.tar.gz: c59ee85d130fca43c719d3bcff7a136364e65ec37255af0b2721e6736dc2931e
+  metadata.gz: 633376d487060ef6045bec39ca986f4845c8eebf7d2bfeca1ae5b79b7848f5d8
+  data.tar.gz: 20fddc00eb1840578c795ec810c2b25ab189940b2187ed88f3b387bf09e81b3d
 SHA512:
-  metadata.gz: ff65c5924a28cc7193569c7b50ac84234aa897d139d2d177eb3f8538a77ba627492458e40205bfb40c5845e16ecefa84a902912933f131735b1ff74d3171500e
-  data.tar.gz: 58228702c7dc55e0594f515aab361cc63afbf6840fc25657f82cdeda252078e90ab5322a1dd5b56b1861f5352c1d7d527ba5fd01b464ac52ba1b92c3e4ca8033
+  metadata.gz: 35354521a0b984df2370f5e9b2f81e9aa0e0d0888d060dd652089f15751536f35ff357b4f8b62affed894c4b8c6879f7c7107e1d08f8a5c077b864e8c0e5dd16
+  data.tar.gz: 1ef4f61f5cdc1046dad193e61e6e6e54cc7bd3cf19fcb21b4130298b192012057c5362c0d7f70ada7391272c59dd0059a05e57c652dc21c4770942e0efb5d588

data/README.md

@@ -1,8 +1,10 @@
 # GemGuard
 
 [![Gem Version](https://badge.fury.io/rb/gem_guard.svg)](https://badge.fury.io/rb/gem_guard)
-[![Build Status](https://github.com/wilbursuero/gem_guard/workflows/CI/badge.svg)](https://github.com/wilbursuero/gem_guard/actions)
+[![CI](https://github.com/wilburhimself/gem_guard/workflows/CI/badge.svg)](https://github.com/wilburhimself/gem_guard/actions/workflows/ci.yml)
+[![Release](https://github.com/wilburhimself/gem_guard/workflows/Release/badge.svg)](https://github.com/wilburhimself/gem_guard/actions/workflows/release.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Security](https://img.shields.io/badge/Security-Policy-blue.svg)](SECURITY.md)
 
 Supply chain security and vulnerability management for Ruby gems. GemGuard provides developers with a comprehensive tool to detect, report, and remediate dependency-related security risks.
 
@@ -79,13 +81,34 @@ Details:
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bundle exec rake standard` to run the linter.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+### Running Tests
+
+```bash
+bundle exec rspec          # Run all tests
+bundle exec rake standard  # Run linter
+bundle exec rake           # Run both tests and linter
+```
+
+### Releasing
+
+Releases are automated via GitHub Actions. To create a new release:
+
+1. Update the version number in `lib/gem_guard/version.rb`
+2. Commit and push to the `main` branch
+3. GitHub Actions will automatically:
+   - Run tests across multiple Ruby versions
+   - Create a git tag
+   - Generate release notes
+   - Create a GitHub release
+   - Publish to RubyGems.org
+
+The release workflow is triggered only when `lib/gem_guard/version.rb` changes.
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/wilbursuero/gem_guard.
+Bug reports and pull requests are welcome on GitHub at https://github.com/wilburhimself/gem_guard.
 
 ## License
 

data/SECURITY.md

@@ -0,0 +1,58 @@
+# Security Policy
+
+## Supported Versions
+
+We actively support the following versions of GemGuard:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.1.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within GemGuard, please send an email to **security@wilburhimself.com**. All security vulnerabilities will be promptly addressed.
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+### What to include in your report
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact of the vulnerability
+- Any suggested fixes (if you have them)
+
+### Response Timeline
+
+- **Initial Response**: Within 48 hours
+- **Status Update**: Within 7 days
+- **Resolution**: We aim to resolve critical vulnerabilities within 30 days
+
+### Disclosure Policy
+
+- We follow responsible disclosure practices
+- We will acknowledge your contribution in our security advisories (unless you prefer to remain anonymous)
+- We may offer recognition in our contributors list for significant security reports
+
+## Security Features
+
+GemGuard itself implements several security best practices:
+
+- **Input Validation**: All user inputs are validated and sanitized
+- **API Security**: Secure communication with vulnerability databases
+- **Dependency Management**: Regular updates to dependencies
+- **Code Quality**: Comprehensive testing and static analysis
+
+## Security Considerations for Users
+
+When using GemGuard:
+
+- Keep GemGuard updated to the latest version
+- Review vulnerability reports carefully before applying fixes
+- Use GemGuard in your CI/CD pipeline to catch vulnerabilities early
+- Consider the source and severity of reported vulnerabilities
+
+## Contact
+
+For security-related questions or concerns, contact:
+- Email: security@wilburhimself.com
+- GitHub: [@wilburhimself](https://github.com/wilburhimself)

data/gem_guard.gemspec

@@ -8,13 +8,13 @@ Gem::Specification.new do |spec|
 
   spec.summary = "Supply chain security and vulnerability management for Ruby gems"
   spec.description = "A comprehensive tool to detect, report, and remediate dependency-related security risks in Ruby projects. Includes CVE scanning, SBOM generation, and CI/CD integration."
-  spec.homepage = "https://github.com/wilbursuero/gem_guard"
+  spec.homepage = "https://github.com/wilburhimself/gem_guard"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 3.0.0"
 
   spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/wilbursuero/gem_guard"
-  spec.metadata["changelog_uri"] = "https://github.com/wilbursuero/gem_guard/blob/main/CHANGELOG.md"
+  spec.metadata["source_code_uri"] = "https://github.com/wilburhimself/gem_guard"
+  spec.metadata["changelog_uri"] = "https://github.com/wilburhimself/gem_guard/blob/main/CHANGELOG.md"
 
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject do |f|
@@ -26,10 +26,10 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "bundler", ">= 2.0"
   spec.add_dependency "thor", "~> 1.0"
   spec.add_dependency "json", "~> 2.0"
 
+  spec.add_development_dependency "bundler", ">= 2.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "standard", "~> 1.3"
 end

data/lib/gem_guard/version.rb

@@ -1,3 +1,3 @@
 module GemGuard
-  VERSION = "0.1.0"
+  VERSION = "0.1.4"
 end

metadata

@@ -1,54 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: gem_guard
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.4
 platform: ruby
 authors:
 - Wilbur Suero
+autorequire:
 bindir: exe
 cert_chain: []
 date: 2025-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: thor
+  name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: json
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
@@ -93,7 +94,9 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - exe/gem_guard
+- gem_guard-0.1.0.gem
 - gem_guard.gemspec
 - lib/gem_guard.rb
 - lib/gem_guard/analyzer.rb
@@ -103,13 +106,14 @@ files:
 - lib/gem_guard/version.rb
 - lib/gem_guard/vulnerability_fetcher.rb
 - plan.md
-homepage: https://github.com/wilbursuero/gem_guard
+homepage: https://github.com/wilburhimself/gem_guard
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/wilbursuero/gem_guard
-  source_code_uri: https://github.com/wilbursuero/gem_guard
-  changelog_uri: https://github.com/wilbursuero/gem_guard/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/wilburhimself/gem_guard
+  source_code_uri: https://github.com/wilburhimself/gem_guard
+  changelog_uri: https://github.com/wilburhimself/gem_guard/blob/main/CHANGELOG.md
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -124,7 +128,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.5.22
+signing_key:
 specification_version: 4
 summary: Supply chain security and vulnerability management for Ruby gems
 test_files: []