in the past we've used the free service of GemCanary to automatically
check gems for security issues, which would periodically look at
Gemfile.lock on github and send us a mail if anything's outdated.
They've stopped that service and renamed to AppCanary
), which is a service that runs on the server
itself, checks out the Gemfile.lock and system packages, and sends a
mail to in...@opensnp.org
They've told us that it's OK that we don't pay since it's open source
and no direct funding agency so I've signed us up, but the app doesn't
work on our relatively old OS.
I'll set it up once the move has finished.