Ruby

Trivy supports Bundler and RubyGems. The following scanners are supported for Bundler and RubyGems.

Package manager	SBOM	Vulnerability	License
Bundler	✓	✓	-
RubyGems	✓	✓	✓

The following table provides an outline of the features Trivy offers.

Package manager	File	Transitive dependencies	Dev dependencies	Dependency graph	Position
Bundler	Gemfile.lock	✓	Included	✓	✓
RubyGems	.gemspec	-	Included	-	-

Trivy searches for Gemfile.lock to detect dependencies.

.gemspec files doesn't contains transitive dependencies. You need to scan each .gemspec file separately.