Integrate bundle-audit. Add ci:check_security. Refs #2068

3 files changed, 11 insertions, 1 deletions

diff --git a/Gemfile b/Gemfile
index 364719bae..7fbbe3122 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,4 +1,4 @@
-# coding: utf-8
+# coding: iso-8859-1
 source 'http://rubygems.org'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
@@ -141,6 +141,7 @@ group :development do
   # gem 'meta_request'
   gem 'quiet_assets', '~> 1.0'
   gem 'license_finder'
+  gem 'bundler-audit'
 
   platforms :ruby_20, :ruby_21, :ruby_22 do
     gem 'better_errors'
diff --git a/Gemfile.lock b/Gemfile.lock
index 881476e26..86ec8dc5a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -92,6 +92,9 @@ GEM
     browserify-rails (1.1.0)
       railties (>= 4.0.0, < 5.0)
     builder (3.2.2)
+    bundler-audit (0.5.0)
+      bundler (~> 1.2)
+      thor (~> 0.18)
     calendar_helper (0.2.5)
       open4
     capistrano (2.13.5)
@@ -592,6 +595,7 @@ DEPENDENCIES
   binding_of_caller
   breadcrumbs_on_rails
   browserify-rails
+  bundler-audit
   calendar_helper (= 0.2.5)
   capistrano (= 2.13.5)
   capistrano-ext
diff --git a/lib/tasks/ci.rake b/lib/tasks/ci.rake
index 2b584c08b..e1d0e87a4 100644
--- a/lib/tasks/ci.rake
+++ b/lib/tasks/ci.rake
@@ -22,6 +22,11 @@ namespace :ci do
     git_branch.in?(deploy_envs) ? git_branch : "dev"
   end
 
+  desc "Check security aspects"
+  task :check_security do
+    sh "bundle exec bundle-audit check --update"
+  end
+
   desc "Deploy after CI"
   task :deploy do
     sh "cap #{deploy_env} deploy:migrations deploy:seed"