Julian Borrey public release 68ae605 Oct 17, 2018

Bundle Audit

Finds CVEs in Ruby gems included in a project.

Configuration

When a CVE is present in a dependency, the best course of action is to upgrade the dependency to a patched version. However, if there is currently no patch available, this will not be possible. Provided that the vulnerability is not relevant to the given project, you might want Salus to ignore this particular CVE.

BundleAudit has a --ignore flag which allows you to ignore particular CVEs. To list CVEs that should be ignored, you can add a list to the Salus config.

```yaml
scanner_configs:
  BundleAudit:
    ignore:
      - CVE-2018-3760
      - CVE-XXXX-YYYY
```
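As an added illustration (not Salus's own code), the following Ruby shows how such an ignore list is read and applied: it loads the BundleAudit ignore entries from a Salus config, rejects malformed ids such as the CVE-XXXX-YYYY placeholder, and separates constructed sample advisories into reported and suppressed findings so suppressed CVEs can still be logged. The config text and advisory records are constructed for the example.

```ruby
require 'yaml'
require 'set'

# Constructed sample Salus config (not a real project file); the ignore list
# follows the shape documented for the BundleAudit scanner.
SALUS_CONFIG = <<~YAML
  scanner_configs:
    BundleAudit:
      ignore:
        - CVE-2018-3760
YAML

# Constructed advisories of the kind bundler-audit reports for a Gemfile.lock.
# The second CVE id is a made-up example, not a real advisory.
SAMPLE_ADVISORIES = [
  { gem: 'sprockets', version: '3.7.1', cve: 'CVE-2018-3760' },
  { gem: 'examplegem', version: '1.0.0', cve: 'CVE-2000-0001' },
].freeze

CVE_ID = /\ACVE-\d{4}-\d{4,}\z/

# Returns the set of CVE ids listed under scanner_configs.BundleAudit.ignore.
# Entries that are not well-formed CVE ids (such as the CVE-XXXX-YYYY
# placeholder) raise, so a typo never silently suppresses nothing or everything.
def bundle_audit_ignores(config_yaml)
  config = YAML.safe_load(config_yaml) || {}
  ignores = Array(config.dig('scanner_configs', 'BundleAudit', 'ignore'))
  bad = ignores.reject { |id| id.is_a?(String) && id.match?(CVE_ID) }
  raise ArgumentError, "malformed CVE ids in ignore list: #{bad.join(', ')}" unless bad.empty?
  ignores.to_set
end

# Splits advisories into those still reported and those suppressed by the
# ignore list, so the suppressed ones can be reviewed rather than dropped.
def apply_ignores(advisories, ignores)
  reported, suppressed = advisories.partition { |adv| !ignores.include?(adv[:cve]) }
  { reported: reported, suppressed: suppressed }
end
```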