@boffbowsh
Last active August 29, 2015 14:23
source "https://rubygems.org"

GEM
  remote: https://rubygems.org/
  specs:

PLATFORMS
  ruby

DEPENDENCIES
require "bundler"
require "net/http"
require "openssl"
require "uri"

# Gems whose pinned version we want to see for every repo.
VULNERABLE = %w{rails rack jquery-rails jquery-ujs}

repos = %w{
  https://github.com/alphagov/signonotron2
  https://github.com/alphagov/frontend
  https://github.com/alphagov/maslow
  https://github.com/alphagov/short-url-manager
  https://github.com/alphagov/support
  https://github.com/alphagov/specialist-publisher
  https://github.com/alphagov/publisher
  https://github.com/alphagov/whitehall
  https://github.com/alphagov/govuk_content_api
  https://github.com/alphagov/travel-advice-publisher
  https://github.com/alphagov/govuk_need_api
  https://github.com/alphagov/release
  https://github.com/alphagov/metadata-api
  https://github.com/alphagov/info-frontend
  https://github.com/alphagov/feedback
  https://github.com/alphagov/government-frontend
  https://github.com/alphagov/support-api
  https://github.com/alphagov/external-link-tracker
  https://github.com/alphagov/specialist-frontend
}

# Fetch the raw Gemfile.lock from the master branch of a GitHub repo.
# Returns nil (after a warning) when the file cannot be fetched, so that
# one repo without a lockfile does not abort the whole scan.
def lockfile_for(repo)
  repo = repo.split("/")[-2..-1].join("/")
  uri = URI.parse("https://raw.githubusercontent.com/#{repo}/master/Gemfile.lock")
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  # Verify the server certificate: VERIFY_NONE would accept any certificate
  # and let an interposed server hand us a forged lockfile.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  response = http.request(Net::HTTP::Get.new(uri.request_uri))
  unless response.is_a?(Net::HTTPSuccess)
    warn "#{uri}: HTTP #{response.code}"
    return nil
  end
  response.body
end

# Map each gem in VULNERABLE that appears in the lockfile to its pinned version.
def gem_statuses(repo)
  body = lockfile_for(repo)
  return {} if body.nil?
  lockfile = Bundler::LockfileParser.new(body)
  lockfile.specs
    .select { |s| VULNERABLE.include?(s.name) }
    .map { |s| [s.name, s.version.to_s] }
    .to_h
end

# Tab-separated table: one row per repo, one column per gem ("-" if the gem
# is not in that repo's lockfile).
puts "repo\t#{VULNERABLE.join("\t")}"
repos.each do |repo|
  gems = gem_statuses(repo)
  puts "#{repo}\t" + VULNERABLE.map { |g| gems.fetch(g, "-") }.join("\t")
end
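The script above only lists the pinned version of each gem; deciding whether a version is actually below the fixed release is left to the reader. The following is an added example, not part of the gist and not alphagov code, that does that comparison offline: it parses the `specs:` section of a Gemfile.lock with a small hand-written parser (instead of `Bundler::LockfileParser`, so it needs only RubyGems), compares each pinned version against a table of minimum fixed versions using `Gem::Version`, and reports gems that are absent from the lockfile separately from those that are below threshold. The sample lockfile and the `MIN_FIXED` thresholds are constructed placeholders for the demonstration, not advisory data for any real release.

```ruby
require "rubygems"

# Constructed sample lockfile in the Bundler format; not from any real repo.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jquery-rails (3.1.2)
        railties (>= 3.0, < 5.0)
        thor (>= 0.14, < 2.0)
      rack (1.5.2)
      rails (4.1.8)
        actionpack (= 4.1.8)
      thor (0.19.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    jquery-rails
    rails
LOCK

# Placeholder thresholds: the lowest version treated as fixed for each gem.
# Illustrative values for this example only, not real advisory data.
MIN_FIXED = {
  "rails"        => "4.1.9",
  "rack"         => "1.5.2",
  "jquery-rails" => "3.1.3",
  "jquery-ujs"   => "1.0.3",
}.freeze

# Parse the `specs:` section of a Gemfile.lock into { name => version }.
# Top-level specs are indented by exactly four spaces ("    name (1.2.3)");
# their dependency lines are indented by six and are skipped. The section
# ends at the first line that is not indented by four or more spaces.
def parse_lock_specs(text)
  specs = {}
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    in_specs = false if in_specs && !line.start_with?("    ")
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# Compare each pinned version with its threshold. Returns
# { name => :absent | :below_fixed | :ok } for every gem in `thresholds`;
# :absent means the lockfile does not pin the gem at all.
def audit_lockfile(text, thresholds = MIN_FIXED)
  pinned = parse_lock_specs(text)
  thresholds.each_with_object({}) do |(name, fixed), report|
    version = pinned[name]
    report[name] =
      if version.nil?
        :absent
      elsif Gem::Version.new(version) < Gem::Version.new(fixed)
        :below_fixed
      else
        :ok
      end
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCKFILE).each { |name, status| puts "#{name}\t#{status}" }
end
```

`Gem::Version` handles prerelease and multi-segment versions correctly (for example `4.1.10` sorts after `4.1.9`, which a string comparison would get wrong), so it is the right tool for the threshold check; a real run would feed `audit_lockfile` the body returned by `lockfile_for` and fill `MIN_FIXED` from the advisories being tracked.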