OWASP dependency-check includes an analyzer that will scan Ruby Gem specifications. The analyzer will collect as much information as it can about the Gem. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply.
Note: Also consider using the Ruby bundler-audit tool.
Files Types Scanned: Rakefile, *.gemspec
