Adding a gem means you take over the liability towards the external code.

Checklist

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

• Prevents you from data breaches and liability risks
• Upgrade at your own pace
• Works with modern Rubies

Read more Show archive.org snapshot

Based on " To gem, or not to gem Show archive.org snapshot ":

• Gem is really needed (prefer writing your own code for simple requirements without many edge cases)
• Gem is tested well (coverage and quality)
• Gem has a good code quality
• Gem's licence fits to the project requirement
• Try to avoid gems that do much more than your requirement scope needs
• Gem has a good maturity and maintenance
• Gem has a good / familiar DSL
• If it's hard to do right, choose a mature gem (e.g. Devise or Clearance for authentication) instead of building it yourself

Also see the chapter "Owning your Stack" in the book Growing Rails Applications in Practice Show archive.org snapshot .

Services

• Open-Source Maturity & Maintenance Certification Show archive.org snapshot
• Rubygems Show archive.org snapshot
• Ruby toolbox Show archive.org snapshot