Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/codeclimate/codeclimate-bundler-audit

Code Climate Engine for bundler-audit
https://github.com/codeclimate/codeclimate-bundler-audit

bundler-audit code-quality codeclimate codeclimate-engine quality ruby security static-analysis static-code-analysis

Last synced: about 1 month ago
JSON representation

Code Climate Engine for bundler-audit

Awesome Lists containing this project

README

        

# Code Climate bundler-audit Engine

[![Code Climate](https://codeclimate.com/github/codeclimate/codeclimate-bundler-audit/badges/gpa.svg)](https://codeclimate.com/github/codeclimate/codeclimate-bundler-audit)

`codeclimate-bundler-audit` is a Code Climate engine that wraps [bundler-audit](https://github.com/rubysec/bundler-audit). You can run it on your command line using the Code Climate CLI, or on our hosted analysis platform.

bundler-audit offers patch-level verification for [Bundler](http://bundler.io/).

### Installation

1. If you haven't already, [install the Code Climate CLI](https://github.com/codeclimate/codeclimate).
2. Run `codeclimate engines:enable bundler-audit`. This command both installs the engine and enables it in your `.codeclimate.yml` file.
3. You're ready to analyze! Browse into your project's folder and run `codeclimate analyze`.

### Configuration

By default, bundler-audit will look for a `Gemfile.lock` file in the root of
your project. Optionally configure Code Climate to look at a different path:

```yml
plugins:
bundler-audit:
enabled: true
config:
path: optional/path/to/Gemfile.lock
```

In the same way you can ignore certain advisories that have been manually resolved:

```yml
# .codeclimate.yml
plugins:
bunlder-audit:
enabled: true
config:
ignore:
- CVE-YYYY-XXXX
```

* `ignore:` \[Array\\] - A list of advisory IDs to ignore.

### Updating the vulnerability database

If you want to update the vulnerability database, run

```console
make update_database
```

### Need help?

For help with bundler-audit, [check out their documentation](https://github.com/rubysec/bundler-audit).

If you're running into a Code Climate issue, first look over this project's [GitHub Issues](https://github.com/codeclimate/bundler-audit/issues), as your question may have already been covered. If not, [go ahead and open a support ticket with us](https://codeclimate.com/help).