gem_guard 0.1.6 → 0.1.10

data/templates/circleci-config.yml

@@ -0,0 +1,107 @@
+# CircleCI configuration for GemGuard security scanning
+# Copy this content to .circleci/config.yml in your repository
+
+version: 2.1
+
+orbs:
+  ruby: circleci/ruby@2.1.0
+
+jobs:
+  security-scan:
+    docker:
+      - image: cimg/ruby:3.3
+    parameters:
+      ruby-version:
+        type: string
+        default: "3.3"
+    steps:
+      - checkout
+      
+      - ruby/install-deps:
+          bundler-version: "2.4.0"
+          
+      - run:
+          name: Install GemGuard
+          command: gem install gem_guard
+          
+      - run:
+          name: Run vulnerability scan
+          command: |
+            echo "Running GemGuard security scan..."
+            gem_guard scan --format json --output security-report.json
+            gem_guard scan --format table
+            
+      - run:
+          name: Generate SBOM
+          command: |
+            echo "Generating Software Bill of Materials..."
+            gem_guard sbom --format spdx --output sbom-spdx.json
+            gem_guard sbom --format cyclone-dx --output sbom-cyclone.json
+            
+      - store_artifacts:
+          path: security-report.json
+          destination: security-reports/
+          
+      - store_artifacts:
+          path: sbom-spdx.json
+          destination: sbom/
+          
+      - store_artifacts:
+          path: sbom-cyclone.json
+          destination: sbom/
+          
+      - run:
+          name: Check for vulnerabilities
+          command: |
+            if [ -f security-report.json ]; then
+              VULN_COUNT=$(ruby -rjson -e "puts JSON.parse(File.read('security-report.json'))['vulnerabilities']&.length || 0")
+              echo "Found $VULN_COUNT vulnerabilities"
+              
+              if [ "$VULN_COUNT" -gt 0 ]; then
+                echo "⚠️ Vulnerabilities detected! Check the artifacts for details."
+                exit 1
+              else
+                echo "✅ No vulnerabilities found!"
+              fi
+            fi
+
+  security-scan-matrix:
+    docker:
+      - image: cimg/ruby:<< parameters.ruby-version >>
+    parameters:
+      ruby-version:
+        type: string
+    steps:
+      - checkout
+      - ruby/install-deps
+      - run:
+          name: Install GemGuard
+          command: gem install gem_guard
+      - run:
+          name: Security scan for Ruby << parameters.ruby-version >>
+          command: |
+            gem_guard scan --format json --output security-report-<< parameters.ruby-version >>.json
+            gem_guard scan
+      - store_artifacts:
+          path: security-report-<< parameters.ruby-version >>.json
+
+workflows:
+  security-checks:
+    jobs:
+      - security-scan:
+          name: security-scan-main
+          
+  security-matrix:
+    jobs:
+      - security-scan-matrix:
+          matrix:
+            parameters:
+              ruby-version: ["3.1", "3.2", "3.3"]
+          name: security-scan-ruby-<< matrix.ruby-version >>
+    triggers:
+      - schedule:
+          cron: "0 2 * * *"  # Daily at 2 AM UTC
+          filters:
+            branches:
+              only:
+                - main

data/templates/github-actions.yml

@@ -0,0 +1,85 @@
+# GitHub Actions workflow for GemGuard security scanning
+# Copy this file to .github/workflows/gemguard.yml in your repository
+
+name: Security Scan with GemGuard
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    # Run daily at 2 AM UTC
+    - cron: '0 2 * * *'
+
+jobs:
+  security-scan:
+    runs-on: ubuntu-latest
+    
+    strategy:
+      matrix:
+        ruby-version: ['3.1', '3.2', '3.3']
+    
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Set up Ruby ${{ matrix.ruby-version }}
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    
+    - name: Install GemGuard
+      run: gem install gem_guard
+    
+    - name: Run GemGuard vulnerability scan
+      run: |
+        gem_guard scan --format json --output security-report.json
+        gem_guard scan --format table
+    
+    - name: Generate SBOM
+      run: |
+        gem_guard sbom --format spdx --output sbom-spdx.json
+        gem_guard sbom --format cyclone-dx --output sbom-cyclone.json
+    
+    - name: Upload security artifacts
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: security-reports-ruby-${{ matrix.ruby-version }}
+        path: |
+          security-report.json
+          sbom-spdx.json
+          sbom-cyclone.json
+        retention-days: 30
+    
+    - name: Comment PR with security report
+      if: github.event_name == 'pull_request'
+      uses: actions/github-script@v7
+      with:
+        script: |
+          const fs = require('fs');
+          try {
+            const report = fs.readFileSync('security-report.json', 'utf8');
+            const data = JSON.parse(report);
+            
+            if (data.vulnerabilities && data.vulnerabilities.length > 0) {
+              const comment = `## 🚨 Security Vulnerabilities Found
+              
+              GemGuard detected ${data.vulnerabilities.length} vulnerabilities in this PR.
+              
+              Please review the security report artifact for details.
+              
+              **High/Critical vulnerabilities:** ${data.high_severity_count || 0}
+              `;
+              
+              github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: comment
+              });
+            }
+          } catch (error) {
+            console.log('No security report found or error reading report');
+          }

data/templates/gitlab-ci.yml

@@ -0,0 +1,112 @@
+# GitLab CI configuration for GemGuard security scanning
+# Copy this content to your .gitlab-ci.yml file
+
+stages:
+  - security
+  - report
+
+variables:
+  BUNDLE_PATH: vendor/bundle
+  BUNDLE_JOBS: 4
+  BUNDLE_RETRY: 3
+
+.ruby_template: &ruby_template
+  image: ruby:3.3
+  before_script:
+    - gem install bundler
+    - bundle install --path $BUNDLE_PATH
+    - gem install gem_guard
+  cache:
+    key: gems-$CI_COMMIT_REF_SLUG
+    paths:
+      - vendor/bundle/
+
+security_scan:
+  <<: *ruby_template
+  stage: security
+  script:
+    - echo "Running GemGuard security scan..."
+    - gem_guard scan --format json --output security-report.json
+    - gem_guard scan --format table
+    - echo "Generating SBOM..."
+    - gem_guard sbom --format spdx --output sbom-spdx.json
+    - gem_guard sbom --format cyclone-dx --output sbom-cyclone.json
+  artifacts:
+    reports:
+      # GitLab security report format (if you want to convert)
+      dependency_scanning: security-report.json
+    paths:
+      - security-report.json
+      - sbom-spdx.json
+      - sbom-cyclone.json
+    expire_in: 30 days
+    when: always
+  allow_failure: false
+  only:
+    - main
+    - develop
+    - merge_requests
+
+security_scan_ruby_3_1:
+  <<: *ruby_template
+  image: ruby:3.1
+  stage: security
+  script:
+    - gem_guard scan --format json --output security-report-ruby31.json
+    - gem_guard scan
+  artifacts:
+    paths:
+      - security-report-ruby31.json
+    expire_in: 7 days
+  only:
+    - schedules
+
+security_scan_ruby_3_2:
+  <<: *ruby_template
+  image: ruby:3.2
+  stage: security
+  script:
+    - gem_guard scan --format json --output security-report-ruby32.json
+    - gem_guard scan
+  artifacts:
+    paths:
+      - security-report-ruby32.json
+    expire_in: 7 days
+  only:
+    - schedules
+
+# Optional: Create a summary report
+security_report:
+  stage: report
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache jq
+  script:
+    - |
+      echo "## Security Scan Summary" > security-summary.md
+      echo "" >> security-summary.md
+      if [ -f security-report.json ]; then
+        VULN_COUNT=$(jq '.vulnerabilities | length' security-report.json)
+        HIGH_COUNT=$(jq '.high_severity_count // 0' security-report.json)
+        echo "- **Total vulnerabilities found:** $VULN_COUNT" >> security-summary.md
+        echo "- **High/Critical severity:** $HIGH_COUNT" >> security-summary.md
+        echo "" >> security-summary.md
+        
+        if [ "$VULN_COUNT" -gt 0 ]; then
+          echo "⚠️ **Action required:** Please review and address the identified vulnerabilities." >> security-summary.md
+        else
+          echo "✅ **No vulnerabilities found!**" >> security-summary.md
+        fi
+      else
+        echo "❌ **Error:** Security report not found." >> security-summary.md
+      fi
+      cat security-summary.md
+  artifacts:
+    paths:
+      - security-summary.md
+    expire_in: 30 days
+  dependencies:
+    - security_scan
+  only:
+    - main
+    - develop

data/test_nokogiri.lock

@@ -0,0 +1,13 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    nokogiri (1.18.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  nokogiri
+
+BUNDLED WITH
+   2.4.10

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gem_guard
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.10
 platform: ruby
 authors:
 - Wilbur Suero
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-08-09 00:00:00.000000000 Z
+date: 2025-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -96,17 +96,22 @@ files:
 - Rakefile
 - SECURITY.md
 - exe/gem_guard
-- gem_guard-0.1.0.gem
 - gem_guard.gemspec
 - lib/gem_guard.rb
 - lib/gem_guard/analyzer.rb
 - lib/gem_guard/cli.rb
+- lib/gem_guard/config.rb
 - lib/gem_guard/parser.rb
 - lib/gem_guard/reporter.rb
 - lib/gem_guard/sbom_generator.rb
+- lib/gem_guard/typosquat_checker.rb
 - lib/gem_guard/version.rb
 - lib/gem_guard/vulnerability_fetcher.rb
 - plan.md
+- templates/circleci-config.yml
+- templates/github-actions.yml
+- templates/gitlab-ci.yml
+- test_nokogiri.lock
 homepage: https://github.com/wilburhimself/gem_guard
 licenses:
 - MIT