pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License
1.7k stars 143 forks

Support configuration files #367

Closed kasium closed 2 years ago

kasium commented 2 years ago

Description

Can you please consider supporting configuration files like pyproject.toml to read the configuration from? This would allow users to store the config in a central place:

[tool.safety]
cache = true

yeisonvargasf commented 2 years ago

Hi @kasium, in the new Safety 2.0, we have started to support a new policy file called .safety-policy.yml.

I recommend you use the latest beta version, Safety 2.0b5.

Although the cache setting isn't supported in the file yet, you can start to ignore vulnerabilities and manage the exit code behavior.

You can generate a valid .safety-policy.yml with the following command:

safety generate policy_file

You can validate the file after you edit it with the following command:

safety validate policy_file --path .safety-policy.yml

File a new issue if you consider we should support any specific setting in this new policy file.

Thank you!

kasium commented 2 years ago

Thanks a lot!