InsecureSource results in exit code 1 #106
Comments
Figured this one out, it was due to some git repositories in our lockfile that got marked as I understand the need to generate a warning when using external git repositories, but should the warning result in
If the repositories are insecure, an attacker could MITM them and inject arbitrary code. If your threat model involves MITMing, then it makes sense to mark them as vulnerable; plus it's not hard to switch to
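Added example (not part of the original thread and not bundler-audit's own code): a Ruby illustration of the check discussed in the comment above, flagging Gemfile.lock sources fetched over git:// or http:// and returning a non-zero status when any are found. The lockfile excerpt and the names insecure_sources and audit_status are constructed for illustration.

```ruby
# Constructed Gemfile.lock excerpt (sample data, not taken from the issue).
SAMPLE_LOCKFILE = <<~LOCK
  GIT
    remote: git://github.com/example/widgets.git
    revision: 0123456789abcdef0123456789abcdef01234567
    specs:
      widgets (1.2.0)

  GIT
    remote: https://github.com/example/gadgets.git
    revision: 89abcdef0123456789abcdef0123456789abcdef
    specs:
      gadgets (0.3.1)

  GEM
    remote: http://rubygems.org/
    specs:
      rake (10.4.2)
LOCK

# Schemes with no transport integrity: code fetched over them can be
# altered in transit by a network attacker.
INSECURE_SCHEMES = %w[git http].freeze

# Returns [[section, uri], ...] for each source using an insecure scheme.
def insecure_sources(lockfile_text)
  section = nil
  lockfile_text.each_line.with_object([]) do |line, found|
    if line =~ /\A([A-Z]+)\s*\z/            # unindented header: GIT, GEM, PATH
      section = Regexp.last_match(1)
    elsif line =~ /\A\s+remote:\s*(\S+)/    # source location inside a section
      uri = Regexp.last_match(1)
      scheme = uri[/\A([a-z][a-z0-9+.-]*):\/\//i, 1]
      found << [section, uri] if scheme && INSECURE_SCHEMES.include?(scheme.downcase)
    end
  end
end

# CI-style status: non-zero when any insecure source is present, so the
# build fails until the source is switched to an authenticated transport.
def audit_status(lockfile_text)
  insecure_sources(lockfile_text).empty? ? 0 : 1
end

insecure_sources(SAMPLE_LOCKFILE).each do |section, uri|
  warn "insecure source in #{section} section: #{uri}"
end
warn "audit status: #{audit_status(SAMPLE_LOCKFILE)}"
```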
Why would
Yes. Sat 29 Aug 2015 00:29 Reed Loden notifications@github.com wrote:
Oh, duh. Reading comprehension fail. My bad. On Friday, August 28, 2015, Magnus Bergmark notifications@github.com
@krigar Hi! Did you solve the rake task? You could use the rake task in your project from #115 or try this commit. Then I think this issue can be closed? InsecureSource results in exit code 1 is correct as @postmodern mentioned in this comment. Thanks!
Can this be closed?
Hey, yeah, I'll close it now. On 29 February 2016 at 04:06, Postmodern notifications@github.com wrote:
We're about to integrate bundler-audit into our CircleCI build process and it's looking really promising except for one fact: ignoring vulnerabilities leads to none being listed by bundler-audit, but it still exits with exit code 1, making CircleCI think it failed.

The reason why we ignore some vulnerabilities is because we're running on a forked version of https://github.com/spree/spree and we have to monkey patch their security patches instead of upgrading the version.
Example output: