Gemnasium

Secure your projects and reduce technical debt

Gemnasium is a SaaS that monitors project dependencies.

Why should I use Gemnasium?

  • Gemnasium checks the code you don't write but ship to production within your app.
  • The effort to update an old project will increase exponentially with the obsolescence of code / dependencies. Online projects must be maintained to protect your data and customers.
  • APIs evolve every day. Some libraries can stop working if the consumer code is obsolete.
  • Vulnerabilities are found almost every day. Are you sure you follow each advisory? What if you're on holiday? Your projects may be exposed if you have certain versions of packages. Gemnasium helps you identify them instantly, based on their dependency requirements.
  • Libraries are improved. Code is cleaned up, and may offer better performance.
  • Libraries are fixed. The newest versions often fix bugs; why would you keep a buggy version?
  • Gemnasium provides changelogs between the version you are using and the one recommended.
  • Gemnasium is 100% free for open-source projects.
  • Gemnasium can auto-update your project, and will create a pull request for you.

How does it work?

Gemnasium scans project repositories, looking for dependency files (Gemfile, Gemfile.lock, gemspec, package.json, npm-shrinkwrap.json, etc.). A color code is applied to each project, based on the status of its dependencies:

  • Green: Your project is up-to-date
  • Yellow: Your project is using outdated deps
  • Red: Your project must be updated

Check your projects now

Start receiving alerts about important updates and security vulnerabilities. Your project might be using a dangerous dependency; we will notify you as soon as advisories are public and affect your projects.

Focus on your code, and stop spending time checking your deps.

Sign up at https://gemnasium.com for free.