rubysec / bundler-audit

Patch-level verification for Bundler
GNU General Public License v3.0

Refactor Bundler::Audit::Scanner#initialize #181

Open postmodern opened 7 years ago

postmodern commented 7 years ago

Looking at #initialize now, it seems that it should accept the scanner options (:ignore) and store those as instance variables. The #scan method would then accept the path to the Gemfile.lock. This would allow the Scanner object to be configured once and run across multiple Gemfile.lock files.

postmodern commented 7 years ago

Would this be relevant to @mveytsman and @phillmv's interests?

picatz commented 7 years ago

This may be partially related to https://github.com/rubysec/bundler-audit/pull/182

daveallie commented 6 years ago

Interested in this. Working through the process of upgrading a production app, and currently have the app booting 2 versions of Rails. Each version is run off different bundler lockfiles, Gemfile.lock, and GemfileNext.lock. Would love for a way to supply a list of lockfiles to check or just basic cli support for custom lockfile path. If you're interested in the latter (even though it will most likely clash with this issue), please let me know and I'll submit a PR.

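A sketch of the shape proposed in the opening comment (options into #initialize, lockfile path into #scan), exercised against the two-lockfile layout described in the comment above. This is an added illustration, not bundler-audit's own Scanner or its advisory database: the `Sketch` module, the `Advisory` struct, the `EXAMPLE-*` advisory IDs, the gem names `widgetlib` and `gizmo`, and both lockfile bodies are constructed for the example. Lockfile parsing is a minimal hand-written reader of the `specs:` block rather than Bundler's own parser.

```ruby
require "rubygems"
require "tmpdir"

# Hypothetical sketch (not bundler-audit's code) of the proposed API shape:
# :ignore is stored at construction, #scan takes a lockfile path, so one
# configured Scanner can be run over several Gemfile.lock files.
module Sketch
  # Constructed placeholder advisory records, not real advisories.
  Advisory = Struct.new(:id, :gem_name, :patched_versions) do
    # Vulnerable unless the locked version satisfies some patched requirement.
    def affects?(version)
      v = Gem::Version.new(version.split("-").first) # drop platform suffix
      patched_versions.none? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
    end
  end

  DATABASE = [
    Advisory.new("EXAMPLE-1", "widgetlib", [">= 2.4.0"]),
    Advisory.new("EXAMPLE-2", "gizmo",     ["~> 1.0.5", ">= 1.1.0"]),
    Advisory.new("EXAMPLE-3", "widgetlib", [">= 3.0.0"]),
  ].freeze

  class Scanner
    attr_reader :ignore

    def initialize(database: DATABASE, ignore: [])
      @database = database
      @ignore   = ignore.map(&:to_s)
    end

    # Reads the "specs:" block(s) of a Gemfile.lock. Resolved gems sit at a
    # four-space indent as "name (version)"; the six-space lines beneath them
    # are dependency declarations without a locked version and are skipped.
    def parse_lockfile(path)
      specs = {}
      in_specs = false
      File.foreach(path) do |line|
        if line.match?(/\A  specs:\s*\z/)
          in_specs = true
        elsif line.match?(/\A\S/) || line.strip.empty? # new section or blank
          in_specs = false
        elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
          specs[m[1]] = m[2]
        end
      end
      specs
    end

    # IDs of advisories that apply to the lockfile at +path+, minus ignored IDs.
    def scan(path)
      specs = parse_lockfile(path)
      @database.select do |adv|
        version = specs[adv.gem_name]
        version && !@ignore.include?(adv.id) && adv.affects?(version)
      end.map(&:id)
    end
  end

  # Constructed lockfiles: the current app and the one for the next Rails.
  LOCKFILES = {
    "Gemfile.lock" => <<~LOCK,
      GEM
        remote: https://rubygems.org/
        specs:
          gizmo (1.0.2)
          widgetlib (2.3.0)
            gizmo (>= 1.0)

      PLATFORMS
        ruby

      DEPENDENCIES
        widgetlib
    LOCK
    "GemfileNext.lock" => <<~LOCK,
      GEM
        remote: https://rubygems.org/
        specs:
          gizmo (1.1.0)
          widgetlib (2.4.1)
            gizmo (>= 1.0)

      DEPENDENCIES
        widgetlib
    LOCK
  }.freeze

  # Writes the constructed lockfiles to a temp dir and scans all of them with
  # one configured Scanner. Returns { basename => [advisory ids] }.
  def self.scan_all(ignore: [])
    scanner = Scanner.new(ignore: ignore)
    Dir.mktmpdir do |dir|
      LOCKFILES.to_h do |name, body|
        path = File.join(dir, name)
        File.write(path, body)
        [name, scanner.scan(path)]
      end
    end
  end
end

puts Sketch.scan_all(ignore: ["EXAMPLE-3"]).inspect if $PROGRAM_NAME == __FILE__
```

The point of the split is visible in `scan_all`: the ignore list is applied once when the Scanner is built, and the same object is then handed each lockfile path in turn, which is what a single CI step over `Gemfile.lock` and `GemfileNext.lock` would need.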
postmodern commented 3 years ago

@daveallie Linking my comment on scanning multiple Gemfile.lock in one go vs. multiple CI runs: https://github.com/rubysec/bundler-audit/pull/224#issuecomment-747171065