Merge pull request #10703 from dmarcoux/pin-brakeman-version

Pin brakeman version
openSUSE · Jan 28, 2021 · 41d58c4 · 41d58c4
2 parents 09ca5f1 + 24f99f1
commit 41d58c4
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -84,7 +84,8 @@ jobs:
       - run: rm -rf src/api/tmp/rubocop*
       - run:
           name: Run brakeman
-          command: sudo gem install --no-format-executable brakeman; brakeman --rails6 -p src/api
+          # Same brakeman version is pinned in our Dockerfile to have reproducible images (the license forbids us from shipping the gem in our appliance)
+          command: sudo gem install --no-format-executable brakeman --version 5.0.0; brakeman --rails6 -p src/api
       - run:
           name: Setup application
           command: cd src/api; bundle exec rake dev:prepare assets:precompile RAILS_ENV=test FORCE_EXAMPLE_FILES=1

diff --git a/src/api/docker-files/Dockerfile b/src/api/docker-files/Dockerfile
@@ -8,7 +8,8 @@ ARG CONTAINER_USERID
 
 # for lint task
 RUN npm install -g jshint
-RUN gem install --no-format-executable brakeman
+# Same brakeman version is pinned in our CI configuration to have reproducible builds (the license forbids us from shipping the gem in our appliance)
+RUN gem install --no-format-executable brakeman --version 5.0.0
 
 # Configure our user
 RUN usermod -u $CONTAINER_USERID frontend