https://github.com/cbeer/capistrano-bundle_audit
- Host: GitHub
- URL: https://github.com/cbeer/capistrano-bundle_audit
- Owner: cbeer
- License: other
- Created: 2014-08-20T00:34:27.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2021-03-01T14:46:55.000Z (over 4 years ago)
- Last Synced: 2025-03-24T05:34:52.682Z (3 months ago)
- Language: Ruby
- Size: 18.6 KB
- Stars: 0
- Watchers: 2
- Forks: 5
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# Capistrano::BundleAudit
Audit your Gemfile for known vulnerabilities before releasing.
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'capistrano-bundle_audit'
```

And then execute:

```shell
$ bundle
```
Add this line to your `Capfile`:
```ruby
require 'capistrano/bundle_audit'
```

## Usage
After `deploy:updating` (and before the deployed code is released as the current version), `bundle-audit` will be run against the pushed code. If any vulnerabilities are discovered, the release will be aborted.
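The gate described above, modelled in plain Ruby as an added example (this is not the plugin's own code): it parses a constructed `bundle-audit check` report, drops advisory ids listed in the `bundle_audit_ignore` variable, honours `SKIP_BUNDLE_AUDIT`, and reports whether the release may proceed. The report layout and the exact abort decision are assumptions about how the plugin behaves, not taken from its source.

```ruby
# Added example, not the plugin's own code: models the deploy gate this README
# describes as plain Ruby so it runs without Capistrano. Assumed inputs: the text
# report from `bundle-audit check`, the `bundle_audit_ignore` ids, SKIP_BUNDLE_AUDIT.

# One finding as it appears in the bundle-audit text report.
Advisory = Struct.new(:name, :version, :id, :criticality, :title)

# Parses the "Name:/Version:/Advisory:/Criticality:/Title:" blocks bundle-audit
# prints per finding; lines without a "key: value" shape are skipped.
def parse_audit_report(text)
  advisories = []
  current = {}
  text.each_line do |line|
    key, value = line.strip.split(': ', 2)
    next unless key && value
    current[key] = value
    next unless key == 'Title' # Title is the last field of a block
    advisories << Advisory.new(current['Name'], current['Version'],
                               current['Advisory'], current['Criticality'], value)
    current = {}
  end
  advisories
end

# The gate between deploy:updating and the release going live. Returns [allowed?, reason].
def audit_gate(report_text, ignore: [], env: ENV)
  return [true, 'SKIP_BUNDLE_AUDIT set; audit skipped'] if env['SKIP_BUNDLE_AUDIT']
  blocking = parse_audit_report(report_text).reject { |a| ignore.include?(a.id) }
  return [true, 'no unignored advisories'] if blocking.empty?
  summary = blocking.map { |a| "#{a.id} (#{a.name} #{a.version}, #{a.criticality})" }
  [false, "aborting release: #{summary.join(', ')}"]
end

# Constructed sample report (ids and titles are placeholders, not real
# advisories): two findings, one of which the team has chosen to ignore.
SAMPLE_REPORT = <<~REPORT
  Name: examplegem
  Version: 1.0.0
  Advisory: CVE-123456
  Criticality: High
  Title: Placeholder advisory the team has accepted for now

  Name: othergem
  Version: 2.3.4
  Advisory: CVE-654321
  Criticality: Medium
  Title: Placeholder advisory with a fixed version available
  Vulnerabilities found!
REPORT
```

Calling `audit_gate(SAMPLE_REPORT, ignore: %w(CVE-123456))` returns a false first element because CVE-654321 is still unignored, which is the condition under which the plugin aborts the release.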
### Skipping auditing
In some cases, it is impossible to update to secure versions of dependencies. In these cases, you can relax the audit by either:
- setting the `SKIP_BUNDLE_AUDIT` environment variable before deploying (e.g. `SKIP_BUNDLE_AUDIT=true bundle exec cap production deploy`)
- ignoring specific vulnerabilities by setting the Capistrano variable `bundle_audit_ignore` in `config/deploy.rb` or similar (e.g. `set :bundle_audit_ignore, %w(CVE-123456)` to ignore the vulnerability reported in CVE-123456)

## Contributing
1. Fork it ( https://github.com/[my-github-username]/capistrano-bundle_audit/fork )
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request