Support Ruby Gems gemspec.yml in dependency scanning
Problem to solve
Ruby gems now have a gemspec.yml, a YAML file containing the specs of a gem, including its requirements. That's something we should definitely support in dependency scanning! See https://github.com/rubysec/bundler-audit/blob/master/gemspec.yml for instance:

    dependencies:
      thor: ~> 0.18
      bundler: ">= 1.2.0, < 3"
Intended users
Further details
Proposal
Permissions and Security
Documentation
Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
Edited by Nicole Schwartz
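Added example, not part of the original issue and not GitLab's analyzer code: a sketch of how a scanner could read the `dependencies` mapping quoted above and test which known-affected versions the declared ranges still admit. The helper names, the sample file and the advisory entries (placeholder ids) are constructed for illustration; only the `dependencies` key shown in the issue is assumed.

```ruby
require "yaml"
require "rubygems"

# Constructed sample mirroring the `dependencies` mapping quoted in the issue.
SAMPLE_GEMSPEC_YML = <<~YAML
  name: example-gem
  dependencies:
    thor: ~> 0.18
    bundler: ">= 1.2.0, < 3"
YAML

# Constructed advisory data with placeholder ids; these are not real advisories.
SAMPLE_ADVISORIES = [
  { id: "EXAMPLE-0001", gem: "thor",    affected: "0.19.1" },
  { id: "EXAMPLE-0002", gem: "bundler", affected: "3.0.0" },
  { id: "EXAMPLE-0003", gem: "rake",    affected: "1.0.0" }
].freeze

# Hypothetical helper: parse gemspec.yml text into { gem name => Gem::Requirement }.
# YAML.safe_load is used so a hostile file cannot instantiate arbitrary Ruby objects.
def gemspec_yml_dependencies(text)
  doc = YAML.safe_load(text) || {}
  raise ArgumentError, "gemspec.yml must be a mapping" unless doc.is_a?(Hash)

  deps = doc["dependencies"] || {}
  raise ArgumentError, "dependencies must be a mapping" unless deps.is_a?(Hash)

  deps.each_with_object({}) do |(name, constraint), out|
    # One value may carry several comma-separated constraints;
    # an empty value means "any version" (Gem::Requirement's default).
    parts = constraint.to_s.split(",").map(&:strip).reject(&:empty?)
    out[name.to_s] = Gem::Requirement.new(*parts)
  end
end

# Hypothetical helper: ids of advisories whose affected version falls inside
# the declared range. With no lockfile, the range is all a scanner can check.
def admitted_advisories(deps, advisories)
  advisories.select do |adv|
    req = deps[adv[:gem]]
    req && req.satisfied_by?(Gem::Version.new(adv[:affected]))
  end.map { |adv| adv[:id] }
end

if __FILE__ == $PROGRAM_NAME
  deps = gemspec_yml_dependencies(SAMPLE_GEMSPEC_YML)
  deps.each { |name, req| puts "#{name}: #{req}" }
  puts "admitted: #{admitted_advisories(deps, SAMPLE_ADVISORIES).inspect}"
end
```

Because gemspec.yml declares ranges rather than resolved versions, a match here means the range permits an affected version, not that one is installed.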