From 065ecf9b2e5bc5b1b8665c44aeae2c62e6c12492 Mon Sep 17 00:00:00 2001
From: Ryan Desfosses <rdes@protonmail.com>
Date: Sat, 20 Feb 2021 14:32:22 -0500
Subject: [PATCH 2/3] gnu: Add bundler-audit

* gnu/packages/ruby.scm (bundler-audit): New variable.
---
 gnu/packages/ruby.scm | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index ecca0b8bf4..5be7638600 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -12164,3 +12164,37 @@ options.")
 an IP address.  Both IPv4 and IPv6 are supported.")
     (home-page "https://github.com/ruby/ipaddr")
     (license license:bsd-2)))
+
+(define-public bundler-audit
+  (package
+    (name "bundler-audit")
+    (version "0.7.0.1")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/rubysec/bundler-audit")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "1qzr8fwik5g95n0nvhfyz6rrhr3cvnzv8jzzaz5z3j57hi20d39i"))))
+    (build-system ruby-build-system)
+    (arguments `(#:tests? #f)); FIXME: some test failures
+    (inputs
+     `(("libgit2" ,libgit2)))
+    (propagated-inputs
+     `(("bundler" ,bundler)
+       ("ruby-thor" ,ruby-thor)))
+    (native-inputs
+     `(("ruby-rake" ,ruby-rake)
+       ("ruby-kramdown" ,ruby-kramdown)
+       ("ruby-rubygems-tasks" ,ruby-rubygems-tasks)
+       ("ruby-rspec" ,ruby-rspec)
+       ("ruby-yard" ,ruby-yard)
+       ("ruby-simplecov" ,ruby-simplecov)))
+    (synopsis "Patch-level verification for Bundler")
+    (description "Checks for vulnerable versions of gems in
+Gemfile.lock as well as insecure gem sources (http://).")
+    (home-page "https://github.com/rubysec/bundler-audit")
+    (license license:gpl3)))
-- 
2.30.1