Use Bundler

1. bundle init
2. bundle install

First step generates a basic Gemfile

Second step generates a Gemfile.lock

I use the Gemfile.lock file for: snyk security code audit, meaning I monitor dependencies on GitHub, see my repository: docker-cheatset.

Resources and References

• Bundler.io: “How to manage application dependencies with Bundler”
• Blog post by Yehuda Katz: “Clarifying the Roles of the .gemspec and Gemfile”