New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
allow passing Gemfile.lock paths to bundle audit #178
Comments
Scanning multiple lock files is related to #181. Would definitely like to support that. |
@postmodern A situation where this could be useful is when I only want production-level gems to be checked and I want development gems to be excluded. I could maintain a Although it's nice to be protected against all vulnerabilities, sometimes it is less urgent to resolve a vulnerability if it's just affecting a development gem. It allows CI pipelines that depend on a clean bundle-audit run to continue to be in a green state if only non-production gems are affected. For example, today's new vulnerability on rubyzip is disruptive to a project I'm involved with because a fix has not yet been published to rubygems. But, my project only depends on rubyzip through a gem used for unit tests only. Why must we now have our CI pipeline go into a RED state and cause disruption in our project? |
Going to +1 this - we would really appreciate this feature for CI purposes. |
+1 for same CI purposes |
0.8.0 now supports a |
bundler-audit 0.8.0.rc1 has been released! Please test and provide any QA feedback.
|
Pr. rubysec#178 the parameter is --gemfile-lock
Pr. #178 the parameter is --gemfile-lock
either as a single file or as multiple files in the same command.
The text was updated successfully, but these errors were encountered: