From fc0d5998c77297e871e318cfc171ad8e4c0c1213 Mon Sep 17 00:00:00 2001 From: Darren Garnier Date: Tue, 4 Jun 2024 18:24:14 +1200 Subject: [PATCH] ignore safety fail --- .safety-check-policy.yml | 10 ++++++++++ noxfile.py | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 .safety-check-policy.yml diff --git a/.safety-check-policy.yml b/.safety-check-policy.yml new file mode 100644 index 0000000..4f8bd82 --- /dev/null +++ b/.safety-check-policy.yml @@ -0,0 +1,10 @@ +# Safety Security and License Configuration file +security: # configuration for the `safety check` command + ignore-cvss-severity-below: 0 # A severity number between 0 and 10. Some helpful reference points: 9=ignore all vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except CRITICAL + ignore-cvss-unknown-severity: False # True or False. We recommend you set this to False. + ignore-vulnerabilities: # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period) + # We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore. + 70612: # Example vulnerability ID + reason: we do not use the vulnerable function # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports + expires: '2025-01-01' # datetime string - date this ignore will expire, best practice to use this variable + continue-on-vulnerability-error: False # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities \ No newline at end of file diff --git a/noxfile.py b/noxfile.py index 0da75bd..753ee91 100644 --- a/noxfile.py +++ b/noxfile.py @@ -142,7 +142,9 @@ def safety(session: Session) -> None: """Scan dependencies for insecure packages.""" requirements = session.poetry.export_requirements() session.install("safety") - session.run("safety", "check", "--full-report", f"--file={requirements}") + session.run("safety", "check", + "--policy-file", ".safety-check-policy.yml", + "--full-report", f"--file={requirements}") @session(python=python_versions)