diff --git a/README.md b/README.md
index 8eb9228..328a205 100644
--- a/README.md
+++ b/README.md
@@ -90,6 +90,13 @@ output example:
 ![](doc/imgs/code_quality_security_audit_failed_example.png)
+#### options for security_audit:
+
+```
+# e.g.: code_quality security_audit bundler_audit_options="--ignore CVE-2015-9284"
+# options:
+# bundler_audit_options: pass extract options, e.g.: bundler_audit_options="--ignore CVE-2015-9284 --verbose"
+```
 #### work with CI
diff --git a/lib/tasks/code_quality.rake b/lib/tasks/code_quality.rake
index bb87b35..0c5ba88 100644
--- a/lib/tasks/code_quality.rake
+++ b/lib/tasks/code_quality.rake
@@ -36,9 +36,11 @@ namespace :code_quality do
 desc "bundler audit"
 task :bundler_audit => :prepare do |task|
+ options = options_from_env(:bundler_audit_options)
+
 run_audit task, "bundler audit - checks for vulnerable versions of gems in Gemfile.lock" do
 # Update the ruby-advisory-db and check Gemfile.lock
- report = `bundle audit check --update`
+ report = `bundle audit check --update #{options[:bundler_audit_options]}`
 @report_path = "#{report_dir}/bundler-audit-report.txt"
 File.open(@report_path, 'w') {|f| f.write report }
 puts report
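Review bot: The new `report = \`bundle audit check --update #{options[:bundler_audit_options]}\`` line in code_quality.rake interpolates an environment-supplied string directly into a backtick command, so the shell parses it rather than bundler-audit receiving it as plain arguments; in a CI job where that variable can be set by someone other than the task owner this becomes a command-injection path, and even in benign use a value containing quotes or spaces will be re-split unexpectedly. Splitting the value into an argv list and running the command without a shell avoids both problems, e.g. `args = Shellwords.split(options[:bundler_audit_options].to_s)` followed by `report, _status = Open3.capture2('bundle', 'audit', 'check', '--update', *args)`, with `require 'open3'` and `require 'shellwords'` added near the top of the rake file. The `options_from_env` helper and the end of the `run_audit` block lie outside the hunk, so I cannot tell whether the helper already validates the value; if it does, a one-line comment on the new `options = options_from_env(...)` line stating what it guarantees would make that explicit for the next reader.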