Bundler-Audit is a command-line Software Composition Analysis (SCA) tool specifically designed for Ruby applications. It scans the Gemfile.lock file to check for dependencies (gems) with known security vulnerabilities. It cross-references the gem versions against the Ruby Advisory Database. This tool is ideal for integration into a DevSecOps CI/CD pipeline to automate security checks for Ruby dependencies, directly addressing the scenario's requirement.

A. Bandit is a Static Application Security Testing (SAST) tool designed to find common security issues in Python code, not an SCA tool for Ruby.

C. Retire.js is a tool focused on detecting the use of JavaScript libraries with known vulnerabilities, not Ruby dependencies.

D. Tenable.io is a comprehensive vulnerability management platform, not a specialized, lightweight SCA tool for integrating directly into a Ruby development workflow.

- rubysec, "bundler-audit GitHub Repository," README.md. Accessed October 2023. (https://github.com/rubysec/bundler-audit). The official project documentation describes its function as "Patch-level verification for Bundler."

- OWASP Foundation, "OWASP Software Component Analysis." Accessed October 2023. (https://owasp.org/www-community/ComponentAnalysis). This page lists various SCA tools, categorizing them by language and function, aligning Bundler-Audit with Ruby dependency checking.