Vulnerability not ignored when added to .safety-policy.yml #480
Comments
@widal001, thank you for the detailed issue report; there is a proposed solution on #477; we will release a 3.0 Safety version with improved capabilities and a fix for this; however, we still need to address if we'll release a new beta version with these fixes only. Safety 3.0 is going to be released this month.
Is there any update on this fix?
I see that 2.4.0b2 was released, but it appears to still have this problem. We have been told 3.0 was imminent since at least August. Is the pyup/safety team able to provide a fix for this while we wait for 3.0 to come out?
I can confirm that version 3.0.1 of
Description
Running safety check raises a vulnerability and fails the check even though the corresponding vulnerability id is added to ignore-vulnerabilities: in the safety-policy.yml file. The checks pass when the vulnerability id is passed explicitly to safety check --ignore=51457
What I Did
Running safety check
Running the safety check as is produces the following result
Note that the command does seem to be picking up the security policy file:
Additionally the .safety-policy.yml file does explicitly list 51457 in the ignore-vulnerabilities section:
Running safety check --ignore
When the vulnerability id is explicitly passed as part of the safety check command, the vulnerability is successfully ignored: