Your project have been accepted for GSoC. Congrats!
Congrats from me as well!
Regarding the ideas about isitfedoraruby, I once told Vit I would really like
to see checks that our gems are properly patched against released CVEs
(so that nobody says "oh you have rails 3.2.8, everybody knows its
vulnerable"),
but the proper solution would be to have all the reproducers and do real checks
so you can be sure no regression was introduced.
This is probably not an easy task, but since you have asked :).
Josef