diff --git a/lib/bundler/audit/scanner.rb b/lib/bundler/audit/scanner.rb
index d0431df6..90656629 100644
--- a/lib/bundler/audit/scanner.rb
+++ b/lib/bundler/audit/scanner.rb
@@ -215,7 +215,18 @@ def scan_specs(options={})
 else
 config.ignore
 end
-@lockfile.specs.each do |gem|
+ specs = @lockfile.specs
+
+ # Bundler itself doesn't appear in the list of specs in the lockfile,
+ # but the lockfile does provide a version for it
+ if @lockfile.bundler_version
+ specs << Gem::Specification.new do |s|
+ s.name = 'bundler'
+ s.version = @lockfile.bundler_version
+ end
+ end
+
+ specs.each do |gem|
 @database.check_gem(gem) do |advisory|
 is_ignored = ignore.intersect?(advisory.identifiers.to_set)
 next if is_ignored
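Review bot: `specs << Gem::Specification.new ...` appends to the very array that `@lockfile.specs` returned, so if that reader hands back the parser's internal array (Bundler::LockfileParser exposes `specs` through an attr_reader, as far as I can tell) every call of scan_specs on the same Scanner pushes one more synthetic bundler spec into the lockfile object, and a second scan reports bundler's advisories twice. Taking a copy before appending avoids the aliasing: `specs = @lockfile.specs.dup`. The synthetic spec also deserves a comment that `bundler_version` comes from the lockfile's own record of the Bundler that wrote it, not the Bundler running the scan, so a reader knows which Bundler is actually being audited. scan_specs begins before this hunk and continues past its last line.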