
Conversation

Contributor

@ghbren ghbren commented Jun 29, 2021

By default, BundleAudit pulls advisory info from ruby-advisory-db.
This PR adds support for scanning against a local advisory DB. The config below will scan against the local DB in addition to ruby-advisory-db.

scanner_configs:
  BundleAudit:
    local_db: $local_db_dir
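As an added illustration (not code from this PR or from the BundleAudit scanner) of what a scan against a local advisory DB involves: the local directory is assumed to follow the ruby-advisory-db layout (gems/<name>/<ID>.yml with patched_versions / unaffected_versions), version matching uses RubyGems' Gem::Requirement, and the scan merges hits from every DB directory it is handed, which is the dual-DB behaviour described above. The lockfile, the advisory and its CVE id are constructed placeholders.

```ruby
require "yaml"
require "date"
require "tmpdir"
require "fileutils"

# Parse the "specs:" entries of a Gemfile.lock into {name => version}.
def lock_gems(lock_text)
  lock_text.scan(/^    (\S+) \(([^)]+)\)$/).to_h
end

# Load every advisory for a gem from a DB directory in ruby-advisory-db layout (gems/<name>/*.yml).
def load_advisories(db_dir, gem_name)
  Dir[File.join(db_dir, "gems", gem_name, "*.yml")].map { |p| YAML.safe_load(File.read(p), permitted_classes: [Date]) }
end

# An advisory applies unless the version satisfies unaffected_versions or patched_versions.
def vulnerable?(advisory, version)
  v = Gem::Version.new(version)
  %w[unaffected_versions patched_versions].none? do |key|
    Array(advisory[key]).any? { |req| Gem::Requirement.new(*req.split(",").map(&:strip)).satisfied_by?(v) }
  end
end

# Scan one lockfile against several DB directories (ruby-advisory-db plus local_db) and merge the hits.
def scan(lock_text, db_dirs)
  lock_gems(lock_text).flat_map do |name, version|
    db_dirs.flat_map do |db|
      load_advisories(db, name).select { |a| vulnerable?(a, version) }.map { |a| [name, version, a["cve"]] }
    end
  end.uniq
end

# Constructed lockfile (not a real project).
CONSTRUCTED_LOCK = "GEM\n  specs:\n    rack (2.2.2)\n    nokogiri (1.11.7)\n"

# Build a throwaway local DB holding one constructed advisory (placeholder CVE id) and scan against it.
def demo
  Dir.mktmpdir do |local_db|
    dir = File.join(local_db, "gems", "rack")
    FileUtils.mkdir_p(dir)
    File.write(File.join(dir, "CVE-0000-00000.yml"), <<~YML)
      gem: rack
      cve: "0000-00000"
      date: 2021-06-29
      patched_versions:
        - ">= 2.2.3"
    YML
    scan(CONSTRUCTED_LOCK, [local_db])
  end
end
```

In the real setup the second DB directory would be the checked-out ruby-advisory-db, and `$local_db_dir` from the config above would be passed alongside it.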

Contributor

@joshuaostrom-cb joshuaostrom-cb left a comment


PR looks good. Do we foresee a case where we'd want to run only against the local advisory DB (and not dual run against the ruby-advisory-db too)? If so, I could see a use case for a local-db-only:true config or similar. But it doesn't need to be a blocker if it's a YAGNI.

Contributor Author

ghbren commented Jul 19, 2021

PR looks good. Do we foresee a case where we'd want to run only against the local advisory DB (and not dual run against the ruby-advisory-db too)? If so, I could see a use case for a local-db-only:true config or similar. But it doesn't need to be a blocker if it's a YAGNI.

Good question. But I have not seen a case where we only want to run against the local DB.

@cb-heimdall cb-heimdall dismissed joshuaostrom-cb’s stale review July 19, 2021 17:45

Approved review 709769858 from joshua-ostrom is now dismissed due to new commit. Re-request for approval.

@ghbren ghbren merged commit 4339782 into master Jul 21, 2021
@ghbren ghbren deleted the bundle_audit_local branch July 21, 2021 18:31
@ghbren ghbren mentioned this pull request Jul 22, 2021