Show HN: GemGuard: Ruby gem to scan and auto-fix vulnerable dependencies

1 wilburhimself 0 8/11/2025, 2:22:32 PM github.com ↗

Hi HN,

I created GemGuard, an open source Ruby tool aimed at improving supply chain security for Ruby projects.

Ruby developers often trust their Gemfile.lock without much scrutiny, but issues like typosquatting, unpatched vulnerabilities, and lack of SBOM (Software Bill of Materials) generation remain significant risks.

GemGuard helps by:

Scanning your Gemfile.lock against OSV.dev and Ruby Advisory Database CVEs

Detecting suspicious typosquatted gems with fuzzy string matching

Generating SPDX and CycloneDX SBOMs for compliance and transparency

Offering an auto-fix command that safely upgrades vulnerable gems and backs up your lockfile

Integrating easily with CI/CD workflows for continuous security

It’s lightweight, Ruby-first, and designed to be part of your normal dev workflow, not an afterthought.

You can check it out here: GitHub: https://github.com/wilburhimself/gem_guard

I’m open to feedback, critiques, and contributions. If you try it, I’d love to hear how it works for your projects or any gaps you discover.

Thanks for reading!

Trellis (YC W24) Is Hiring: Automate Prior Auth in Healthcare (ycombinator.com)

Type (YC W23) is hiring a founding engineer to build an AI-native doc editor (ycombinator.com)

Foundry (YC F24) is hiring staff-level product engineers (ycombinator.com)

GoGoGrandparent (YC S16) Is Hiring Back End and Full-Stack Engineers

Kyber (YC W23) is hiring enterprise account executives (ycombinator.com)

Converge (YC S23) well-capitalized New York startup seeks product developers (runconverge.com)

Great Question (YC W21) Is Hiring a VP of Engineering (Remote) (ycombinator.com)

Coverage Cat (YC S22) Is Hiring a Senior, Staff, or Principal Engineer (coveragecat.com)

Kaizen (YC X25) is hiring engineers to build browser agents that work (kaizenautomation.com)

Infracost (YC W21) hiring first PM to shift $600B cloud spend to proactive (ycombinator.com)

Sei (YC W22) Is Hiring a Full Stack Engineer in Chennai, India (ycombinator.com)

Artie (YC S23) Is Hiring Founding AEs (ycombinator.com)

Cedana (YC S23) Is Hiring a Systems Engineer (ycombinator.com)

CodeCrafters (YC S22) is hiring first Marketing Person (ycombinator.com)

PAX Markets (YC W25) is hiring a founding principal hardware (RTL) engineer (ycombinator.com)

Sendblue (YC S23) is hiring senior engineers (ycombinator.com)

Thunder Compute (YC S24) Is Hiring a C++ Systems Engineer (ycombinator.com)

Optery (YC W22) Is Hiring in Engineering, Legal, Sales, Marketing (U.S., Latam) (optery.com)

QuestDB (YC S20) Is Hiring a Technical Content Lead (questdb.com)

Depot (YC W23) Is Hiring a Technical Content Writer (Remote) (ycombinator.com)

Firebender (YC W24) Is Hiring (ycombinator.com)

Better Auth (YC X25) Is Hiring (ycombinator.com)

Kapa.ai (YC S23) is hiring a software engineers (EU remote) (ycombinator.com)

Spice Data (YC S19) Is Hiring a Product Associate (New Grad) (ycombinator.com)

Extend (YC W23) is hiring engineers to build SOTA document processing (jobs.ashbyhq.com)

Piramidal (YC W24) is hiring a full stack engineer (ycombinator.com)

Mango Health (YC W24) Is Hiring (ycombinator.com)

Resolve (YC W15) Is Hiring an Operations and Billing Lead for Construction VR

Arva AI (YC S24) Is Hiring an AI Research Engineer (London, UK) (arva.ai)

Rejoy Health (YC W21) Is Hiring (ycombinator.com)

Weave (YC W25) is hiring an AI engineer (ycombinator.com)

Show HN: GemGuard: Ruby gem to scan and auto-fix vulnerable dependencies

Comments (0)