Hamburger Cross Icon
Ruby Collector - Lunar Collector

Ruby Collector

Collector Beta LanguagesBuild

Analyze Ruby projects to collect Bundler metadata, dependencies, Ruby version, and CI/CD command tracking. Detects Gemfile, .ruby-version, Rakefile, and gemspec files.

Add ruby to your lunar-config.yml:
uses: github://earthly/lunar-lib/collectors/ruby@v1.0.5
Get Started View on GitHub

What This Integration Collects

This integration includes 7 collectors that gather metadata from your systems.

Collector code

project

Analyzes Ruby project structure by detecting Gemfile, Gemfile.lock, .ruby-version, Rakefile, and .gemspec files. Extracts the Ruby version from .ruby-version or the Gemfile ruby directive. Detects build systems (Bundler, Rake). Writes project metadata to .lang.ruby.

ruby gemfile bundler project structure ruby-version
Book a demo
Collector code

dependencies

Extracts direct and development dependencies from Gemfile and Gemfile.lock. Captures gem name, version constraint, and dependency group (default, development, test). Writes dependency data to .lang.ruby.dependencies.

ruby dependencies bundler gems supply chain packages
Book a demo
Collector ci-before-command

cicd

Records every ruby command executed in CI pipelines along with the Ruby runtime version. Writes command strings and version info to .lang.ruby.cicd for audit trails and build reproducibility analysis.

ruby ci ruby version ci commands build tracking
Book a demo
Collector ci-before-command

bundler-cicd

Records every bundle command executed in CI pipelines along with the Bundler version. Writes command strings and version info to .lang.ruby.bundler.cicd.

bundler ci bundle version ci commands dependency management
Book a demo
Collector ci-before-command

rake-cicd

Records every rake command executed in CI pipelines along with the Rake version. Writes command strings and version info to .lang.ruby.rake.cicd.

rake ci rake version ci commands build automation
Book a demo
Collector code

bundler-audit

Runs bundler-audit against Gemfile.lock to check for known vulnerabilities in gem dependencies. Requires Gemfile.lock to be present. Writes advisory details including gem name, version, CVE, and severity to .lang.ruby.bundler_audit.

bundler-audit vulnerabilities security gem audit CVE
Book a demo
Collector ci-after-command

bundler-audit-cicd

Parses bundle audit results after the command completes in CI. Extracts vulnerability advisories including gem name, installed version, advisory ID, and severity. Writes results to .lang.ruby.bundler_audit.

bundler-audit vulnerabilities security gem audit
Book a demo

How Collectors Fit into Lunar

Lunar watches your code and CI/CD systems to collect SDLC data from config files, test results, IaC, deployment configurations, security scans, and more.

Collectors are the automatic data-gathering layer. They extract structured metadata from your repositories and pipelines, feeding it into Lunar's centralized database where guardrails evaluate it to enforce your engineering standards.

Learn How Lunar Works
1
Collectors Gather Data This Integration
Triggered by code changes or CI pipelines, collectors extract metadata from config files, tool outputs, test results, and scans
2
{ } Centralized as JSON
All data merged into each component's unified metadata document
3
Guardrails Enforce Standards
Real-time feedback in PRs and AI workflows

Example Collected Data

This collector writes structured metadata to the Component JSON. Here's an example of the data it produces:

{ } component.json Component JSON 
{
  "lang": {
    "ruby": {
      "version": "3.2.2",
      "build_systems": ["bundler", "rake"],
      "gemfile_exists": true,
      "gemfile_lock_exists": true,
      "ruby_version_file_exists": true,
      "rakefile_exists": true,
      "gemspec_files": ["my_gem.gemspec"],
      "source": { "tool": "ruby", "integration": "code" },
      "cicd": {
        "cmds": [
          { "cmd": "ruby app.rb", "version": "3.2.2" }
        ]
      },
      "bundler": {
        "cicd": {
          "cmds": [
            { "cmd": "bundle install", "version": "2.4.22" }
          ]
        }
      },
      "rake": {
        "cicd": {
          "cmds": [
            { "cmd": "rake test", "version": "13.1.0" }
          ]
        }
      },
      "bundler_audit": {
        "vulnerabilities": [
          {
            "gem": "actionpack",
            "version": "7.0.4",
            "advisory": "CVE-2023-22795",
            "title": "ReDoS vulnerability in Accept header parsing",
            "criticality": "High"
          }
        ],
        "source": { "tool": "bundler-audit", "integration": "ci" }
      },
      "dependencies": {
        "direct": [
          { "name": "rails", "version": "7.1.3", "group": "default" },
          { "name": "pg", "version": "1.5.4", "group": "default" }
        ],
        "development": [
          { "name": "rspec", "version": "3.12.0", "group": "development" },
          { "name": "rubocop", "version": "1.60.0", "group": "development" }
        ],
        "source": { "tool": "bundler", "integration": "code" }
      }
    }
  }
}

Related

Policy Devex Build And Ci
Ruby Project Guardrails

Ruby project guardrails using collected metadata
Policy Testing And Quality
Testing Guardrails

Testing guardrails including coverage thresholds using collected metrics

Documentation

View on GitHub

Ruby Collector

Collects Ruby project information, CI/CD commands, dependencies, and bundler-audit results.

Overview

This collector gathers metadata about Ruby projects including Bundler configuration, dependency graphs, Ruby version detection, and CI/CD command tracking. It detects Gemfile, Gemfile.lock, .ruby-version, Rakefile, and .gemspec files. The CI-hook collectors observe and collect data from ruby, bundle, and rake commands that your CI pipeline already runs.

Collected Data

This collector writes to the following Component JSON paths:

Path Type Description
.lang.ruby object Ruby project metadata (version, build systems)
.lang.ruby.version string Ruby version from .ruby-version or Gemfile
.lang.ruby.build_systems array Build systems detected (e.g., ["bundler", "rake"])
.lang.ruby.gemfile_exists boolean Gemfile detected
.lang.ruby.gemfile_lock_exists boolean Gemfile.lock detected
.lang.ruby.ruby_version_file_exists boolean .ruby-version file detected
.lang.ruby.rakefile_exists boolean Rakefile detected
.lang.ruby.gemspec_files array List of .gemspec files found
.lang.ruby.cicd object CI/CD ruby command tracking with version
.lang.ruby.bundler.cicd object CI/CD bundle command tracking with version
.lang.ruby.rake.cicd object CI/CD rake command tracking with version
.lang.ruby.bundler_audit object Bundler-audit vulnerability results
.lang.ruby.dependencies object Direct and development dependencies

Collectors

This plugin provides the following collectors (use include to select a subset):

Collector Hook Type Description
project code Collects project structure, Ruby version, build systems, gemspec files
dependencies code Collects dependency graph from Gemfile and Gemfile.lock
cicd ci-before-command Tracks ruby commands run in CI with version info
bundler-cicd ci-before-command Tracks bundle commands run in CI with version info
rake-cicd ci-before-command Tracks rake commands run in CI with version info
bundler-audit code Auto-runs bundler-audit against Gemfile.lock for vulnerability detection
bundler-audit-cicd ci-after-command Parses bundler-audit vulnerability results from CI

Installation

Add to your lunar-config.yml:

collectors:
  - uses: github://earthly/lunar-lib/collectors/ruby@main
    on: ["domain:your-domain"]  # replace with your own domain or tags
    # include: [project, dependencies]  # Only include specific subcollectors

The CI-hook collectors (cicd, bundler-cicd, rake-cicd, bundler-audit-cicd) require a GitHub Actions workflow that runs on a Lunar-enabled runner. Example steps:

jobs:
  build:
    runs-on: your-lunar-runner
    steps:
      - uses: actions/checkout@v4
      - run: bundle install
      - run: ruby --version
      - run: bundle exec rake
      - run: |
          gem install bundler-audit --no-document
          bundle audit update
          bundle audit check || true

Each step triggers the corresponding CI hook collector, which captures command versions and output for the Component JSON.

Open Source

This collector is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.

View Repository

Common Use Cases

Explore guardrails that use data from Ruby Collector.

+
Gemfile Exists + Ruby Collector Ensures the project has a Gemfile for dependency management. Required for all...
+
Lockfile Exists + Ruby Collector Ensures the project has a Gemfile.lock for reproducible dependency resolution....
+
Ruby Version Set + Ruby Collector Ensures the Ruby version is explicitly specified via a .ruby-version file or a...
+
Bundler Audit Clean + Ruby Collector Ensures bundler-audit reports no known vulnerabilities in the project's gem...
+
Min Ruby Version + Ruby Collector Ensures the project uses at least the minimum required Ruby version. Helps...
+
Min Ruby Version Cicd + Ruby Collector Ensures the Ruby version used in CI/CD commands meets the minimum required...
+
Min Bundler Version Cicd + Ruby Collector Ensures the Bundler version used in CI/CD commands meets the minimum required...
+
Min Rake Version Cicd + Ruby Collector Ensures the Rake version used in CI/CD commands meets the minimum required...

Ready to Automate Your Standards?

See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.

Works with any process
check AI agent rules & prompt files
check Post-mortem action items
check Security & compliance policies
check Testing & quality requirements
Automate Now
Paste your AGENTS.md or manual process doc and get guardrails in minutes
Book a Demo