Sha256: 59864be0f6f95cca2f1aa57741d964d064952f1f7d2d6f537d5f75e42ac542e0

Contents?: true

Size: 1.22 KB

Versions: 64

Compression:

Stored size: 1.22 KB

Contents

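namespace :ci do
  # Runs bundler-audit against the bundle and converts each reported advisory
  # into an "attachment" hash, which is appended to @attachments and printed.
  # Usage: bin/rake ci:bundle_audit
  #
  # Security notes:
  # - A failed advisory database update is reported on stderr. The check still
  #   runs, but only against whatever copy of the database is already present.
  # - A failing check that yields no parsable advisory is reported on stderr,
  #   so that a broken audit run is not mistaken for a clean one.
  desc 'Patch-level verification for Bundler'
  task :bundle_audit do
    require 'English'

    # Update ruby-advisory-db. The result must be inspected here, because the
    # status read after the check below only reflects the check itself.
    `bundle audit update`
    unless $CHILD_STATUS.success?
      warn 'ci:bundle_audit: `bundle audit update` failed; advisory data may be stale'
    end

    # Check for insecure dependencies
    output = `bundle audit check`
    next if $CHILD_STATUS.success?

    reported = 0
    output.split("\n\n").each do |advisory|
      lines = advisory.split("\n")
      # NOTE(review): single-line paragraphs (e.g. the closing summary line)
      # are skipped. If bundler-audit prints a finding as a single line
      # (insecure gem sources appear to be printed that way; confirm), it is
      # not surfaced as an attachment.
      next if lines.count == 1

      # Collect the "Key: value" lines of this advisory; other lines are ignored.
      hash = {}
      lines.each do |line|
        matchdata = line.match(/\A([^:]+):\s(.*)\z/)
        next if matchdata.nil?

        hash[matchdata[1]] = matchdata[2]
      end
      title = hash.delete('Title')
      url = hash.delete('URL')
      solution = hash.delete('Solution')
      criticality = hash['Criticality']

      # "Critical" outranks "High" and must not be shown as a mere warning.
      severe = %w[High Critical].include?(criticality)

      attachment = {
        color: severe ? 'danger' : 'warning',
        fallback: title,
        title: title,
        title_link: url,
        text: solution,
        fields: hash.map { |key, value| { title: key, value: value, short: true } },
        footer: 'bundle exec rake ci:bundle_audit'
      }

      @attachments ||= []
      @attachments << attachment
      puts attachment.inspect
      reported += 1
    end

    # Fail loudly rather than silently: a non-zero exit with nothing parsed
    # usually means the audit itself did not run as expected.
    if reported.zero?
      warn 'ci:bundle_audit: `bundle audit check` failed but no advisories could be parsed'
    end
  end
end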

Version data entries

64 entries across 64 versions & 1 rubygems

Version Path
ndr_dev_support-5.4.5 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.4.4 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.4.3 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.4.2 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.4.1 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.4.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.3.1 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.3.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.2.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.1.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.0.1 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-5.0.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.2.1 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.2.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.1.3 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.1.2 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.1.1 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.1.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-4.0.0 lib/tasks/ci/bundle_audit.rake
ndr_dev_support-3.1.3 lib/tasks/ci/bundle_audit.rake