How do you do compliance checks?


I am taking over a project in Health Tech with some already established infrastructure. I will be leading the tech office and the first thing I want to do is to make sure we are compliant with a lot of requirements.


I wanted to stay current and see if anyone here is as crazy as me to do compliance/security checks for gems and dependencies running over users data.

We use gemsurance and bundle-audit to check we are up to date on gem versions and report any CVEs


Twistlock is also pretty good for ticking some of those boxes.

1 Like

We run bundler audit and brakeman for all apps.

1 Like

Very helpful and informative. Thank for sharing this post.