Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/codeclimate/codeclimate-bundler-audit
Code Climate Engine for bundler-audit
https://github.com/codeclimate/codeclimate-bundler-audit
bundler-audit code-quality codeclimate codeclimate-engine quality ruby security static-analysis static-code-analysis
Last synced: about 1 month ago
JSON representation
Code Climate Engine for bundler-audit
- Host: GitHub
- URL: https://github.com/codeclimate/codeclimate-bundler-audit
- Owner: codeclimate
- License: lgpl-3.0
- Created: 2015-06-19T13:33:42.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-04-19T17:21:30.000Z (over 1 year ago)
- Last Synced: 2024-04-15T01:47:41.075Z (8 months ago)
- Topics: bundler-audit, code-quality, codeclimate, codeclimate-engine, quality, ruby, security, static-analysis, static-code-analysis
- Language: Ruby
- Size: 142 KB
- Stars: 12
- Watchers: 24
- Forks: 7
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Code Climate bundler-audit Engine
[![Code Climate](https://codeclimate.com/github/codeclimate/codeclimate-bundler-audit/badges/gpa.svg)](https://codeclimate.com/github/codeclimate/codeclimate-bundler-audit)
`codeclimate-bundler-audit` is a Code Climate engine that wraps [bundler-audit](https://github.com/rubysec/bundler-audit). You can run it on your command line using the Code Climate CLI, or on our hosted analysis platform.
bundler-audit offers patch-level verification for [Bundler](http://bundler.io/).
### Installation
1. If you haven't already, [install the Code Climate CLI](https://github.com/codeclimate/codeclimate).
2. Run `codeclimate engines:enable bundler-audit`. This command both installs the engine and enables it in your `.codeclimate.yml` file.
3. You're ready to analyze! Browse into your project's folder and run `codeclimate analyze`.### Configuration
By default, bundler-audit will look for a `Gemfile.lock` file in the root of
your project. Optionally configure Code Climate to look at a different path:```yml
plugins:
bundler-audit:
enabled: true
config:
path: optional/path/to/Gemfile.lock
```In the same way you can ignore certain advisories that have been manually resolved:
```yml
# .codeclimate.yml
plugins:
bunlder-audit:
enabled: true
config:
ignore:
- CVE-YYYY-XXXX
```* `ignore:` \[Array\\] - A list of advisory IDs to ignore.
### Updating the vulnerability database
If you want to update the vulnerability database, run
```console
make update_database
```### Need help?
For help with bundler-audit, [check out their documentation](https://github.com/rubysec/bundler-audit).
If you're running into a Code Climate issue, first look over this project's [GitHub Issues](https://github.com/codeclimate/bundler-audit/issues), as your question may have already been covered. If not, [go ahead and open a support ticket with us](https://codeclimate.com/help).