resolve issue #810

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java

@@ -50,7 +50,6 @@ import org.slf4j.LoggerFactory;
  *
  * @author Dale Visser
  */
-@Experimental
 public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
 
     /**

dependency-check-core/src/main/resources/dependencycheck.properties

@@ -97,6 +97,7 @@ analyzer.composer.lock.enabled=true
 analyzer.python.distribution.enabled=true
 analyzer.python.package.enabled=true
 analyzer.ruby.gemspec.enabled=true
+analyzer.bundle.audit.enabled=true
 analyzer.autoconf.enabled=true
 analyzer.cmake.enabled=true
 analyzer.assembly.enabled=true

src/site/markdown/analyzers/bundle-audit.md

@@ -0,0 +1,13 @@
+Ruby Bundle-audit Analyzer
+=====================
+
+OWASP dependency-check includes an analyzer that will execute [bundle-audit](https://github.com/rubysec/bundler-audit#readme)
+and include the results in the dependency-check report. This is useful for multi-language
+projects and merging the results of multiple software composition analysis tools.
+
+```shell
+$ sudo gem install bundler-audit
+$ bundle-audit update
+```
+
+Files Types Scanned: Gemfile.lock

src/site/markdown/analyzers/index.md

@@ -12,6 +12,7 @@ to extract identification information from the files analyzed.
 | [NSP](./nsp-analyzer.html) | [Node Security Project](https://nodesecurity.io) is used to analyze Node.js' `package.json` files for known vulnerable packages.|
 | [Nuspec](./nuspec-analyzer.html) | Nuget package specification file (\*.nuspec) | Uses XPath to parse specification XML. |
 | [OpenSSL](./openssl.html) | OpenSSL Version Source Header File (opensslv.h) | Regex parse of the OPENSSL_VERSION_NUMBER macro definition. |
+| [Ruby bundle-audit](./bundle-audit.html) | Ruby Gemfile.lcok files | Executes bundle-audit and incorporates the results into the dependency-check report. |
 
 Experimental Analyzers
 ----------------------