Commit

ok, now let's get green
dgarnier committed Jun 4, 2024
1 parent fc0d599 commit 4fcd9a5
Showing 2 changed files with 16 additions and 11 deletions.
16 changes: 8 additions & 8 deletions .safety-check-policy.yml
@@ -1,10 +1,10 @@
# Safety Security and License Configuration file
security: # configuration for the `safety check` command
ignore-cvss-severity-below: 0 # A severity number between 0 and 10. Some helpful reference points: 9=ignore all vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except CRITICAL
ignore-cvss-unknown-severity: False # True or False. We recommend you set this to False.
ignore-vulnerabilities: # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period)
# We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore.
70612: # Example vulnerability ID
reason: we do not use the vulnerable function # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports
expires: '2025-01-01' # datetime string - date this ignore will expire, best practice to use this variable
continue-on-vulnerability-error: False # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities
ignore-cvss-severity-below: 0 # A severity number between 0 and 10. Some helpful reference points: 9=ignore all vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except CRITICAL
ignore-cvss-unknown-severity: False # True or False. We recommend you set this to False.
ignore-vulnerabilities: # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period)
# We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore.
70612: # Example vulnerability ID
reason: we do not use the vulnerable function # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports
expires: "2025-01-01" # datetime string - date this ignore will expire, best practice to use this variable
continue-on-vulnerability-error: False # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities
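Review bot: the `70612` entry under `ignore-vulnerabilities` still carries the template's `# Example vulnerability ID` comment and the generic reason `we do not use the vulnerable function`, so a reader cannot tell whether this is a deliberate suppression of a real advisory or leftover sample text; either drop the entry or replace the comment with the affected package and the advisory it refers to, because as written the policy silently suppresses that finding until `expires: "2025-01-01"`. The only other change in this hunk is `'2025-01-01'` becoming `"2025-01-01"`, which is cosmetic in YAML and fine to keep.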
11 changes: 8 additions & 3 deletions noxfile.py
Expand Up @@ -142,9 +142,14 @@ def safety(session: Session) -> None:
"""Scan dependencies for insecure packages."""
requirements = session.poetry.export_requirements()
session.install("safety")
session.run("safety", "check",
"--policy-file", ".safety-check-policy.yml",
"--full-report", f"--file={requirements}")
session.run(
"safety",
"check",
"--policy-file",
".safety-check-policy.yml",
"--full-report",
f"--file={requirements}",
)


@session(python=python_versions)
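Review bot: the reflow of `session.run(...)` into one argument per line is behaviour-preserving, so no objection to the change itself; the line worth tightening in the surrounding context is `session.install("safety")`, which installs whatever version is current and can change the outcome of `safety check` from one run to the next. Pinning it (for example `session.install("safety==<version>")`, with the version this policy file was validated against) keeps the green build reproducible. Since the policy file sets `continue-on-vulnerability-error: False`, a non-zero exit from `safety check` still fails this nox session, which is the behaviour we want.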

0 comments on commit 4fcd9a5