2 files changed, +35 -1 lines changed

@@ -10,7 +10,7 @@ pairing with smart people at Hashrocket.
1010
1111For a steady stream of TILs, [ sign up for my newsletter] ( https://crafty-builder-6996.ck.page/e169c61186 ) .
1212
13- _ 1183 TILs and counting..._
13+ _ 1184 TILs and counting..._
1414
1515---
1616
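Review bot: the counter bump on the `13+` line (`_ 1184 TILs and counting..._`) is a hand-edited number with nothing enforcing it; it is consistent with this commit, since the second hunk adds exactly one list entry, but it will drift the first time a TIL is added without touching this line. Consider deriving the count from the number of list entries in the README (a small script or a Makefile target) rather than maintaining it by hand.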
@@ -992,6 +992,7 @@ _1183 TILs and counting..._
992992- [ Show Public Methods With Pry] ( ruby/show-public-methods-with-pry.md )
993993- [ Silence The Output Of A Ruby Statement In Pry] ( ruby/silence-the-output-of-a-ruby-statement-in-pry.md )
994994- [ Single And Double Quoted String Notation] ( ruby/single-and-double-quoted-string-notation.md )
995+ - [ Skip Specific CVEs When Auditing Your Bundle] ( ruby/skip-specific-cves-when-auditing-your-bundle.md )
995996- [ Squeeze Out The Extra Space] ( ruby/squeeze-out-the-extra-space.md )
996997- [ String Interpolation With Instance Variables] ( ruby/string-interpolation-with-instance-variables.md )
997998- [ Summing Collections] ( ruby/summing-collections.md )

1+ # Skip Specific CVEs When Auditing Your Bundle
2+
3+ The [ ` bundler-audit ` gem] ( https://github.com/rubysec/bundler-audit ) is a tool
4+ that can check for CVEs (Common Vulnerabilities and Exposures) in the installed
5+ versions of gems in your Ruby project. This is a great addition to a CI
6+ pipeline to ensure you aren't deploying code with vulnerabilities.
7+
8+ If you have a known CVE in one of your dependencies, I recommend installing a
9+ patch as soon as possible. Of course, we have to apply some nuance to that
10+ statement.
11+
12+ It is possible that we need to temporarily ignore the CVE warning to continue
13+ to ship code while we work on integrating the patch. Or it may be super
14+ low-risk and we are comfortable putting it off for a while.
15+
16+ Use the ` --ignore ` flag to prevent ` bundler-audit ` from flagging a specific
17+ CVE.
18+
19+ ``` bash
20+ $ bundler-audit check --ignore CVE-2022-23837
21+ ```
22+
23+ Or if you need to ignore multiple, list them one after another.
24+
25+ ``` bash
26+ $ bundler-audit check --ignore CVE-2022-23837 CVE-2021-41817
27+ ```
28+
29+ If you do skip a CVE in your bundle audit, make sure you understand the risks
30+ and have a plan for dealing with it in the future.
31+
32+ See ` bundler-audit --help ` or [ their
33+ docs] ( https://github.com/rubysec/bundler-audit ) for more details.
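Review bot: lines 3-6 overstate what the tool checks: bundler-audit compares the gem versions pinned in Gemfile.lock (and the gem sources declared there) against the ruby-advisory-db, not the gems installed on the machine and not your own code, so a clean run means no known advisory matched the lock file, not that the deploy is free of vulnerabilities; suggest "checks the gem versions pinned in your Gemfile.lock against the known advisories in the ruby-advisory-db". On the CI usage shown at lines 20 and 26, `bundler-audit check` only consults the locally cached copy of that database, so unless the job runs `bundler-audit update` first or passes `--update` (`$ bundler-audit check --update --ignore CVE-2022-23837`), a stale cache silently misses advisories published after it was last fetched, which is the opposite of what a CI gate is for. Lastly, since lines 29-30 ask the reader to "have a plan for dealing with it", the ignore list should carry that plan with it: keep the `--ignore` invocation in a versioned script or CI config with a comment naming the affected gem, why the advisory is accepted for now, and the date or ticket by which it must be revisited, so the exception is reviewable in code review instead of living in someone's shell history.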