README states that ignoring multiple vulnerabilities can be done with
safety check -i 1234,4567,89101
This doesn't seem to work: none of the configured IDs are ignored.
What I Did
If I run a safety check on two insecure packages, I get the expected result:
echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin
...
Scan was completed. 2 vulnerabilities were found.
We can configure one ignore without issue: it will be ignored by the scan:
echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin -i 58758
Scan was completed. 1 vulnerability was found. 1 vulnerability from 1 package was ignored.
Setting the ignores separately (the backward compatibility way) works as expected:
echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin -i 58758 -i 58713
Scan was completed. 0 vulnerabilities were found. 2 vulnerabilities from 2 packages were ignored.
However, if we try to add the second package to the ignore list in the documented way, neither of them gets ignored:
echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin -i 58758,58713
Scan was completed. 2 vulnerabilities were found.
In safety.check(), ignore_vulns becomes {'58758,58713': {'expires': None, 'reason': ''}}, so vulnerability.vulnerability_id not in ignore_vulns will return True for each of the ignored vulnerabilities and both will get added to the report.
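To make the dict shape described in the report concrete, here is an added example (not safety's own code) with a hypothetical ignore-list builder: the buggy form stores each -i value as one key, the fixed form splits every value on commas, and a small membership check mimics the `vulnerability.vulnerability_id not in ignore_vulns` test on the two ids from the report.

```python
# Added illustration of the behaviour described in the report; not safety's
# own code. ignore_args is the list of -i values as a repeatable CLI option
# would collect them; the ids below are constructed sample input.


def build_ignore_vulns_buggy(ignore_args):
    """Reproduce the reported behaviour: each -i value becomes one dict key,
    so a comma-separated value '58758,58713' is stored as a single key."""
    return {value: {'expires': None, 'reason': ''} for value in ignore_args}


def build_ignore_vulns_fixed(ignore_args):
    """Split every -i value on commas (trimming whitespace and dropping empty
    fragments) so '58758,58713' yields the keys '58758' and '58713'."""
    ignore_vulns = {}
    for value in ignore_args:
        for vuln_id in value.split(','):
            vuln_id = vuln_id.strip()
            if vuln_id:
                ignore_vulns[vuln_id] = {'expires': None, 'reason': ''}
    return ignore_vulns


def report(found_ids, ignore_vulns):
    """Mimic the membership test quoted in the report: a vulnerability is
    reported unless its id is a key of ignore_vulns. Returns (reported, ignored)."""
    reported = [v for v in found_ids if v not in ignore_vulns]
    ignored = [v for v in found_ids if v in ignore_vulns]
    return reported, ignored


# Constructed sample: the two vulnerability ids mentioned in the report.
FOUND = ['58758', '58713']

if __name__ == '__main__':
    for label, args in [('repeated -i', ['58758', '58713']),
                        ('comma-separated -i', ['58758,58713'])]:
        for name, builder in [('buggy', build_ignore_vulns_buggy),
                              ('fixed', build_ignore_vulns_fixed)]:
            reported, ignored = report(FOUND, builder(args))
            print(f'{label:20} {name}: {len(reported)} found, '
                  f'{len(ignored)} ignored')
```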