pdobb / pronto-bundler_audit

Pronto runner for bundler-audit, patch-level verification for bundler.
MIT License

Provide a way to ignore specific advisories #6

Closed davidstosik closed 5 years ago

davidstosik commented 5 years ago

Hello! I just discovered this gem, and it looks very nice, but I have a feature request. 🤞

BundlerAudit gives the option to ignore given advisories:

Ignore specific advisories:

$ bundle-audit check --ignore OSVDB-108664

The ignore list is passed to the ::Bundler::Audit::Scanner#scan method as an Array of String option.

It would be nice if I could pass that ignore option through Pronto.

pdobb commented 5 years ago

Thanks for the suggestion. I'll see if I can implement gem configuration to support options like this.

pdobb commented 5 years ago

Added this feature in https://github.com/pdobb/pronto-bundler_audit/pull/7. See: https://github.com/pdobb/pronto-bundler_audit#configuration

Pronto doesn't support argument passing, and the Rails environment doesn't boot when running Pronto. So the only option I could think of was to add a configuration file to read from.

For your case, this should work:

# /.pronto-bundler_audit.yml

Advisories:
  Ignore:
    - OSVDB-108664
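
An added example, not part of the thread and not the gem's own code: one way a runner could read the `Advisories: Ignore:` list from this file and validate it before handing it to `Bundler::Audit::Scanner#scan`. The helper name `ignored_advisories` and the identifier pattern are assumptions made for illustration. A malformed entry is rejected so that a typo cannot quietly leave an advisory unsuppressed, or suppress the wrong one.

```ruby
require "yaml"

# Constructed sample matching the .pronto-bundler_audit.yml shown above.
SAMPLE_CONFIG = <<~CONFIG
  Advisories:
    Ignore:
      - OSVDB-108664
CONFIG

# Assumed identifier shapes: CVE-YYYY-NNNN, OSVDB-NNNN, GHSA-xxxx-xxxx-xxxx.
ADVISORY_ID = /\A(?:CVE-\d{4}-\d{4,}|OSVDB-\d+|GHSA(?:-[0-9a-z]{4}){3})\z/

# Hypothetical helper: returns the ignore list as an Array of String,
# or raises ArgumentError when the file does not have the expected shape.
def ignored_advisories(yaml_text)
  # safe_load refuses arbitrary object tags; an empty file yields nil/false.
  config = YAML.safe_load(yaml_text.to_s) || {}
  raise ArgumentError, "config root must be a mapping" unless config.is_a?(Hash)

  section = config["Advisories"] || {}
  raise ArgumentError, "Advisories must be a mapping" unless section.is_a?(Hash)

  list = section["Ignore"] || []
  raise ArgumentError, "Advisories.Ignore must be a list" unless list.is_a?(Array)

  ids = list.map do |entry|
    id = entry.to_s.strip
    raise ArgumentError, "not an advisory id: #{id.inspect}" unless ADVISORY_ID.match?(id)
    id
  end
  ids.uniq
end

if __FILE__ == $PROGRAM_NAME
  ids = ignored_advisories(SAMPLE_CONFIG)
  # Log what is being suppressed so ignored advisories stay visible in CI output.
  warn "ignoring advisories: #{ids.join(', ')}" unless ids.empty?
  # With bundler-audit loaded, the list would then be passed as the ignore option:
  #   Bundler::Audit::Scanner.new.scan(ignore: ids) { |result| ... }
end
```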

davidstosik commented 4 years ago

Thank you! 👏