Open grosser opened 5 years ago
Conflicted on whether bundler-audit should audit all the things, or if we should have separate niche tools similar to bundler-audit. I already see there's bundler-leak.
It's kinda wasteful duplication ... would be nice to have a single tool and then plug in different sources: the default could be CVEs, and with --source 'https://github.com/foo/leak-list' then there is more :)
On Fri, Nov 22, 2019 at 7:28 PM Postmodern <notifications@github.com> wrote:
> Conflicted on whether bundler-audit should audit all the things, or if we should have separate niche tools similar to bundler-audit. I already see there's bundler-leak https://github.com/rubymem/bundler-leak.
https://github.com/rubymem/ruby-mem-advisory-db seems interesting; would adding it (maybe with an opt-in flag) be a good idea?