Wait, so does Gemnasium run my Gemfile?

Gemfiles and gemspecs are just Ruby and while it would be nice to evaluate them directly, the first person to add rm -rf / to their Gemfile spoils everybody’s fun.

So no, Gemnasium does not run your Ruby code. It uses gemnasium-parser to parse the Ruby using regular expressions and look for specific methods: gem and gemspec for a Gemfile and the add_dependency varieties for a gemspec. Your requires and conditionals are ignored.
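
To illustrate the approach described above, the following added example (not gemnasium-parser's own code) pulls gem and gemspec calls out of Gemfile text with regular expressions and never evaluates it. The patterns, the parse_gemfile helper and the sample Gemfile are simplified assumptions constructed for illustration.

```ruby
# Added illustration: static extraction of `gem` / `gemspec` calls.
# The patterns are simplified assumptions, not gemnasium-parser's real ones.

# gem "name" or gem("name"; everything after the name (up to a comment) is :rest
GEM_CALL = /^\s*gem\s*\(?\s*(?<q>["'])(?<name>[^"']+)\k<q>(?<rest>[^\n#]*)/
# Version requirements: quoted strings that directly follow the name, one per comma
REQUIREMENT = /\G\s*,\s*(["'])([^"']*)\1/
GEMSPEC_CALL = /^\s*gemspec\b/

# Treats the Gemfile purely as text: no eval, no require, no load.
def parse_gemfile(text)
  deps = []
  text.each_line do |line|
    m = GEM_CALL.match(line)
    next unless m
    # \G stops the scan at the first non-string argument (options, `if`, ...)
    reqs = m[:rest].scan(REQUIREMENT).map { |_, version| version }
    deps << { name: m[:name], requirements: reqs.empty? ? [">= 0"] : reqs }
  end
  { dependencies: deps, uses_gemspec: text.match?(GEMSPEC_CALL) }
end

# Constructed sample input. The `raise` line stands in for arbitrary code that
# would execute if the file were evaluated; here it is only ever read as text.
SAMPLE = <<~'GEMFILE'
  source "https://rubygems.org"
  require "json"
  raise "this line would run if the Gemfile were evaluated"
  gem "rails", "~> 7.0", require: false
  gem 'pg', '>= 1.1', '< 2.0'
  gem "byebug" if ENV["DEV"]
  # gem "commented-out"
  gemspec
GEMFILE

if __FILE__ == $PROGRAM_NAME
  result = parse_gemfile(SAMPLE)
  result[:dependencies].each { |d| puts "#{d[:name]} #{d[:requirements].join(', ')}" }
  puts "gemspec: #{result[:uses_gemspec]}"
end
```

Because the conditional is ignored, byebug is reported even though the real Gemfile would only declare it when DEV is set; that over-reporting is the trade-off for never running untrusted code.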

