diff --git a/CHANGELOG.md b/CHANGELOG.md
index 16bb0aa..4262a5f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Changed
+
+* Use JRUBY_VERSION when checking jruby engine
+
 ## [3.1.0] - 2026-01-07
 
 ### Added
diff --git a/lib/ruby_audit/scanner.rb b/lib/ruby_audit/scanner.rb
index 9638175..041c294 100644
--- a/lib/ruby_audit/scanner.rb
+++ b/lib/ruby_audit/scanner.rb
@@ -25,8 +25,10 @@ def scan(options = {}, &block)
 self
 end
 
- def scan_ruby(options = {}, &)
- version = if RUBY_PATCHLEVEL < 0
+ def scan_ruby(options = {}, &block)
+ version = if RUBY_ENGINE == "jruby"
+ "#{JRUBY_VERSION}"
+ elsif RUBY_PATCHLEVEL < 0
 ruby_version
 else
 "#{RUBY_VERSION}.#{RUBY_PATCHLEVEL}"
diff --git a/spec/scanner_spec.rb b/spec/scanner_spec.rb
index 65f3bfa..587f277 100644
--- a/spec/scanner_spec.rb
+++ b/spec/scanner_spec.rb
@@ -5,12 +5,19 @@
 
 subject { scanner.scan.to_a }
 
- before(:each) do
- stub_const('RUBY_VERSION', '2.2.1')
- stub_const('RUBY_ENGINE', 'ruby')
- stub_const('RUBY_PATCHLEVEL', 85)
- allow_any_instance_of(RubyAudit::Scanner)
- .to receive(:rubygems_version).and_return('2.4.5')
+ context 'jruby' do
+ before(:each) do
+ stub_const('RUBY_ENGINE', 'jruby')
+ stub_const('JRUBY_VERSION', '1.4.0')
+ allow_any_instance_of(RubyAudit::Scanner)
+ .to receive(:rubygems_version).and_return('2.4.5')
+ end
+
+ it 'handles jruby versions' do
+ allow_any_instance_of(RubyAudit::Scanner)
+ .to receive(:ruby_version).and_return('1.4.0')
+ expect(subject.map { |r| r.advisory.id }).to include('CVE-2010-1330')
+ end
 end
 
 context 'when auditing an unpatched Ruby' do
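Review bot: The jruby branch added to scan_ruby in lib/ruby_audit/scanner.rb carries no comment saying why the engine's own version is used, even though the string chosen in this conditional decides which advisories can match at all. I would add above it `# On JRuby, audit the engine's own release (JRUBY_VERSION); RUBY_VERSION there is only the MRI compatibility level.` The interpolation `"#{JRUBY_VERSION}"` is also redundant, since plain `JRUBY_VERSION` is the same string. Other non-MRI engines still fall through to the RUBY_VERSION/RUBY_PATCHLEVEL branches, which may under-report for them; worth confirming that is intended. The body of scan_ruby continues past the end of the hunk.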
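Review bot: In the new 'handles jruby versions' example in spec/scanner_spec.rb, the stub `.to receive(:ruby_version).and_return('1.4.0')` is not needed on the path under test, because the jruby branch of scan_ruby returns JRUBY_VERSION without calling ruby_version. Since it returns the same '1.4.0', the example could still pass if the engine check regressed and the scanner fell back to ruby_version, so the CVE-2010-1330 expectation does not prove JRUBY_VERSION was used. Dropping the stub, or replacing it with `expect_any_instance_of(RubyAudit::Scanner).not_to receive(:ruby_version)`, would pin the behaviour. The enclosing describe block starts and ends outside the hunk.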
@@ -42,22 +49,22 @@
 expect(subject.map { |r| r.advisory.id }).not_to include('CVE-2015-1855')
 end
 end
- end
 
- context 'when auditing an unpatched RubyGems' do
- it 'should match an unpatched RubyGems to its advisories' do
- expect(subject.all? do |result|
- result.advisory.vulnerable?(result.gem.version)
- end).to be_truthy
- expect(subject.map { |r| r.advisory.id }).to include('CVE-2015-3900')
- end
+ context 'when auditing an unpatched RubyGems' do
+ it 'should match an unpatched RubyGems to its advisories' do
+ expect(subject.all? do |result|
+ result.advisory.vulnerable?(result.gem.version)
+ end).to be_truthy
+ expect(subject.map { |r| r.advisory.id }).to include('CVE-2015-3900')
+ end
 
- context 'when the :ignore option is given' do
- subject { scanner.scan(ignore: ['CVE-2015-3900']) }
+ context 'when the :ignore option is given' do
+ subject { scanner.scan(ignore: ['CVE-2015-3900']) }
 
- it 'should ignore the specified advisories' do
- expect(subject.map { |r| r.advisory.id })
- .not_to include('CVE-2015-3900')
+ it 'should ignore the specified advisories' do
+ expect(subject.map { |r| r.advisory.id })
+ .not_to include('CVE-2015-3900')
+ end
 end
 end
 end
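Review bot: The RubyGems examples re-nested in this hunk still expect CVE-2015-3900, but the first hunk of this file removed the shared `before(:each)` that stubbed rubygems_version to '2.4.5' together with RUBY_VERSION, RUBY_ENGINE and RUBY_PATCHLEVEL, and re-added stubs only inside `context 'jruby'`. Unless the unchanged lines between the two hunks set them up, these expectations now depend on the interpreter and RubyGems that run the suite, so they can pass or fail for reasons unrelated to the scanner. Keeping the original `before(:each)` at the top level and letting `context 'jruby'` override only RUBY_ENGINE and JRUBY_VERSION would keep every context deterministic. The enclosing contexts open outside the hunk, and indentation is lost in this view, so the new nesting is inferred from the removed and added `end` lines.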