Class: Gem::Guardian::RegistryAudit

Inherits: Object

Defined in: lib/gem/guardian/registry_audit.rb

Overview

Audits provenance support across gems visible from configured registry sources.

The audit intentionally verifies provenance metadata only. It does not download every artifact by default because a full checksum audit of a registry can be expensive and unfriendly to remote services. Project-level checksum verification remains the responsibility of gem-guardian verify and Bundler lockfiles.

Defined Under Namespace

Classes: EntryResult, Result

Instance Method Summary

Constructor Details

#initialize(registry: Registry.new, provenance_verifier: ProvenanceVerifier.new) ⇒ RegistryAudit

Returns a new instance of RegistryAudit.

Parameters:

  • registry (Registry) (defaults to: Registry.new)

    registry enumerator

  • provenance_verifier (ProvenanceVerifier) (defaults to: ProvenanceVerifier.new)

    provenance checker



# File 'lib/gem/guardian/registry_audit.rb', line 63

def initialize(registry: Registry.new, provenance_verifier: ProvenanceVerifier.new)
  @registry = registry
  @provenance_verifier = provenance_verifier
end

Instance Method Details

#run(limit: nil) ⇒ Result

Runs the audit.

Parameters:

  • limit (Integer, nil) (defaults to: nil)

    maximum number of latest entries to inspect

Returns:

  • (Result)

    aggregate audit result containing per-gem provenance outcomes



# File 'lib/gem/guardian/registry_audit.rb', line 72

def run(limit: nil)
  Result.new(
    @registry.each_latest_spec(limit:).map do |entry|
      EntryResult.new(entry:, provenance: @provenance_verifier.verify(entry.dependency))
    end
  )
end
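The following is an added, self-contained sketch of the pattern #run implements, not code from gem-guardian. Only the collaborator method names used by the documented #run (each_latest_spec, verify, and entry.dependency) come from this page; StubRegistry, StubProvenanceVerifier, Entry, ProvenanceOutcome, EntryOutcome, AuditSummary and the sample gem entries are constructed stand-ins so the audit can be run offline and its aggregate result inspected. As in the documented class, each entry costs one provenance lookup and no artifact download.

```ruby
# Added example (not gem-guardian's own code): a runnable sketch of the
# RegistryAudit#run composition with in-memory stand-ins.

# Constructed registry entry; the real enumerator yields gem specs whose
# `dependency` is passed to the provenance verifier.
Entry = Struct.new(:name, :version, :dependency)

# Stand-in for Gem::Guardian::Registry. `each_latest_spec` mirrors the
# documented call shape: honours `limit:` and returns an Enumerator when
# no block is given, so `.map` can be chained onto it.
class StubRegistry
  def initialize(entries)
    @entries = entries
  end

  def each_latest_spec(limit: nil, &block)
    entries = limit ? @entries.first(limit) : @entries
    return entries.each unless block
    entries.each(&block)
  end
end

# Outcome of a single provenance check (assumed shape, not the project's).
ProvenanceOutcome = Struct.new(:status, :detail)

# Stand-in for Gem::Guardian::ProvenanceVerifier: consults a constructed
# index of dependency names that have published provenance metadata.
class StubProvenanceVerifier
  def initialize(attested)
    @attested = attested
  end

  def verify(dependency)
    if @attested.key?(dependency)
      ProvenanceOutcome.new(:verified, @attested[dependency])
    else
      ProvenanceOutcome.new(:missing, "no provenance metadata published")
    end
  end
end

# Per-gem result and aggregate, standing in for EntryResult / Result.
EntryOutcome = Struct.new(:entry, :provenance)

class AuditSummary
  attr_reader :entries

  def initialize(entries)
    @entries = entries
  end

  # Entries whose provenance could not be verified; the defender-facing
  # signal an operator would triage first.
  def missing
    entries.reject { |r| r.provenance.status == :verified }
  end

  # Fraction of inspected entries with verified provenance (0.0 when empty).
  def coverage
    return 0.0 if entries.empty?
    (entries.size - missing.size).fdiv(entries.size)
  end
end

# Same composition as the documented #run: one verifier call per latest
# entry, wrapped into an aggregate result.
class RegistryAuditSketch
  def initialize(registry:, provenance_verifier:)
    @registry = registry
    @provenance_verifier = provenance_verifier
  end

  def run(limit: nil)
    AuditSummary.new(
      @registry.each_latest_spec(limit: limit).map do |entry|
        EntryOutcome.new(entry, @provenance_verifier.verify(entry.dependency))
      end
    )
  end
end

# Constructed sample data: three fictional gems, two with provenance.
SAMPLE_ENTRIES = [
  Entry.new("alpha-http", "2.4.1", "alpha-http"),
  Entry.new("beta-xml", "1.0.3", "beta-xml"),
  Entry.new("gamma-utils", "0.9.0", "gamma-utils")
].freeze

SAMPLE_ATTESTATIONS = {
  "alpha-http" => "attestation record found",
  "beta-xml" => "attestation record found"
}.freeze

def run_sample_audit(limit: nil)
  RegistryAuditSketch.new(
    registry: StubRegistry.new(SAMPLE_ENTRIES),
    provenance_verifier: StubProvenanceVerifier.new(SAMPLE_ATTESTATIONS)
  ).run(limit: limit)
end

if __FILE__ == $PROGRAM_NAME
  summary = run_sample_audit
  summary.missing.each { |r| puts "#{r.entry.name} #{r.entry.version}: #{r.provenance.detail}" }
  puts format("provenance coverage: %.1f%%", summary.coverage * 100)
end
```

Because `limit:` is applied before the provenance lookups, a capped audit inspects the newest entries only; the coverage figure therefore describes the inspected window, not the whole registry.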