sysutils/rubygem-bundler-audit: Add new port

bundler-audit provides patch-level verification for Bundled Ruby
applications by auditing Gemfile.lock against a database of known
vulnerabilities.

Also add rubygem-bundle-audit as a wrapper gem that depends on
rubygem-bundler-audit, for developers who reference "bundle-audit"
instead of "bundler-audit".

sysutils/Makefile

@@ -1184,7 +1184,9 @@
     SUBDIR += rubygem-backup
     SUBDIR += rubygem-bolt
     SUBDIR += rubygem-bosh-gen
+    SUBDIR += rubygem-bundle-audit
     SUBDIR += rubygem-bundler
+    SUBDIR += rubygem-bundler-audit
     SUBDIR += rubygem-bundler_ext
     SUBDIR += rubygem-capistrano
     SUBDIR += rubygem-capistrano-ext

sysutils/rubygem-bundle-audit/Makefile

@@ -0,0 +1,19 @@
+PORTNAME=	bundle-audit
+PORTVERSION=	0.1.0
+CATEGORIES=	sysutils rubygems
+MASTER_SITES=	RG
+
+MAINTAINER=	ruby@FreeBSD.org
+COMMENT=	Wrapper for bundler-audit security scanning tool
+WWW=		https://github.com/stewartmckee/bundle-audit
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+RUN_DEPENDS=	rubygem-bundler-audit>=0:sysutils/rubygem-bundler-audit
+
+USES=		gem
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>

sysutils/rubygem-bundle-audit/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1761959388
+SHA256 (rubygem/bundle-audit-0.1.0.gem) = c8f085920cde681ba837be69c87b08598c1a7f46f70877f1b3a1711be91a7a43
+SIZE (rubygem/bundle-audit-0.1.0.gem) = 8704

sysutils/rubygem-bundle-audit/pkg-descr

@@ -0,0 +1,12 @@
+bundle-audit is a simple wrapper gem for bundler-audit. It was created to
+provide an easy way to include bundler-audit functionality for developers
+who might mistakenly require "bundle-audit" instead of "bundler-audit".
+
+This gem essentially just requires bundler-audit, which is the actual
+security auditing tool for Ruby applications. It provides patch-level
+verification for bundled Ruby applications by checking for known
+vulnerabilities in gem dependencies.
+
+The wrapper serves as a convenience for developers and ensures that
+both "bundle-audit" and "bundler-audit" references work correctly
+in Ruby applications that need security auditing capabilities.

sysutils/rubygem-bundler-audit/Makefile

@@ -0,0 +1,23 @@
+PORTNAME=	bundler-audit
+PORTVERSION=	0.9.3
+CATEGORIES=	sysutils rubygems
+MASTER_SITES=	RG
+
+MAINTAINER=	ruby@FreeBSD.org
+COMMENT=	Patch-level verification for Bundled apps
+WWW=		https://github.com/rubysec/bundler-audit
+
+LICENSE=	GPLv3+
+LICENSE_FILE=	${WRKSRC}/COPYING.txt
+
+RUN_DEPENDS=	rubygem-bundler>=1.15.0:sysutils/rubygem-bundler \
+		rubygem-thor>=1.0<2:devel/rubygem-thor
+
+USES=		gem
+
+NO_ARCH=	yes
+
+PLIST_FILES=	bin/bundle-audit \
+		bin/bundler-audit
+
+.include <bsd.port.mk>

sysutils/rubygem-bundler-audit/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1773207355
+SHA256 (rubygem/bundler-audit-0.9.3.gem) = 81c8766c71e47d0d28a0f98c7eed028539f21a6ea3cd8f685eb6f42333c9b4e9
+SIZE (rubygem/bundler-audit-0.9.3.gem) = 50176

sysutils/rubygem-bundler-audit/pkg-descr

@@ -0,0 +1,18 @@
+bundler-audit provides patch-level verification for Bundled Ruby applications.
+It audits Ruby applications for known security vulnerabilities by checking
+the application's Gemfile.lock against a database of known vulnerabilities.
+
+The tool can identify:
+- Gems with known security vulnerabilities
+- Insecure gem sources (non-HTTPS)
+- Outdated gem versions
+
+bundler-audit is an essential security tool for Ruby developers and should
+be run regularly as part of a security audit process to ensure applications
+are not vulnerable to known security issues.
+
+Key features:
+- Checks Gemfile.lock for vulnerable gems
+- Updates vulnerability database automatically
+- Integration with CI/CD pipelines
+- Command-line interface for easy automation