christianhellsten / guard-bundler-audit

guard + bundler-audit = security
MIT License

Is there a way to pass `--ignore` to ignore specific CVEs? #4

Open thbar opened 8 years ago

thbar commented 8 years ago

Sometimes a CVE can be fixed through manual patching in specific cases, and in those cases, to remove the bundler-audit warning, it's convenient to use the `--ignore` switch.

Is there a way to pass this through the configuration of guard-bundler-audit?

christianhellsten commented 8 years ago

Currently there is no way of ignoring specific CVEs. It shouldn't be too difficult to add:

https://github.com/rubysec/bundler-audit/blob/master/spec/scanner_spec.rb#L40
https://github.com/christianhellsten/guard-bundler-audit/blob/master/lib/guard/bundler_audit.rb#L35

Kulgar commented 2 years ago

@thbar: Funny that I find you here xD I'll have a look at that issue now that I'm a contributor, haha.