So this is a nascent thing, linking CVEs to rubygems: https://twitter.com/jm/status/301735569527033856
Service idea:
- Send your Gemfile.lock to a service, get emailed when a pertinent CVE becomes known
- Easy tie-in via GitHub OAuth and their webhook push API
- Almost-as-easy tie-in for other platforms (storage and deploy) via after-commit hooks (efficient via etags)
By "storage and deploy platforms" I basically mean Bitbucket, GitLab, Heroku.
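
The matching step behind the service idea above, as an added example that is not part of the original post: it reads the resolved versions from a Gemfile.lock and reports advisories whose patched-version requirements the locked version does not meet. The lockfile, the advisory records (with placeholder IDs and assumed field names) and the function names are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.2.3)
        helpergem (~> 0.4)
      helpergem (0.4.1)
      safegem (2.0.0)

  PLATFORMS
    ruby
LOCK

# Constructed advisory records; IDs are placeholders, field names are assumptions.
ADVISORIES = [
  { gem: "examplegem", id: "CVE-XXXX-0001", patched: ["~> 1.1.9", ">= 1.2.4"] },
  { gem: "helpergem",  id: "CVE-XXXX-0002", patched: [">= 0.4.1"] },
  { gem: "absentgem",  id: "CVE-XXXX-0003", patched: [">= 9.0"] },
].freeze

# Returns { "name" => Gem::Version } for every resolved spec in the lockfile.
def locked_gems(lockfile_text)
  gems = {}
  in_specs = false
  lockfile_text.each_line(chomp: true) do |line|
    if line =~ /\A\S/            # new top-level section (GEM, GIT, PLATFORMS, ...)
      in_specs = false
    elsif line == "  specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Exactly 4 spaces = resolved gem; deeper lines are its dependency constraints.
      # Assumption: anything after "-" is a platform suffix, so drop it.
      gems[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
    end
  end
  gems
end

# An advisory is pertinent when the gem is locked and no patched range covers it.
def pertinent_advisories(lockfile_text, advisories)
  gems = locked_gems(lockfile_text)
  advisories.select do |adv|
    version = gems[adv[:gem]]
    next false unless version
    adv[:patched].none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
  end
end
```

Matching on the resolved specs rather than the Gemfile's declared constraints means transitive dependencies are covered as well.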