Run audit automatically on bundle or bundle install command #386

Open
Urist-McUristurister opened this issue Apr 26, 2023 · 1 comment
@Urist-McUristurister

Right now to audit the gems, you have to run a command manually or by using git hooks.

It really would be a nice touch to have an option to install bundler-audit as a bundler plugin (or maybe release it as a separate gem?), which would execute `bundle-audit check -u -q` on every `bundle` or `bundle install` command (maybe check if Gemfile.lock has actually changed, too?..), then either print a message and exit(1) on failure, or silently move on if everything is good.

Human memory is very unreliable, not everyone can remember to manually run the audit every time the Gemfile changes. This feature could really help improve the security.

@postmodern
Member

Appears that we just need to add a top-level plugins.rb file and add an after-install hook?
https://bundler.io/guides/bundler_plugins.html#using-bundler-hooks

The plugin would be opt-in so you'd still need to add plugin 'bundler-audit' to your Gemfile.

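A sketch of such a plugins.rb, added here as an example and not code from bundler-audit or Bundler: it registers an `after-install-all` hook that runs the `bundle-audit check -u -q` command from the issue, and skips the run when Gemfile.lock has not changed since the last audit that passed (the stamp file path under `.bundle/` is an assumption).

```ruby
require 'digest'
require 'fileutils'

# Hypothetical cache file holding the SHA-256 of the last Gemfile.lock that passed the audit.
AUDIT_STAMP = File.join('.bundle', 'audit.lock-sha256').freeze
# The command the issue proposes to run after every install.
AUDIT_COMMAND = %w[bundle-audit check -u -q].freeze

# True when the lockfile has never been audited or differs from the last audited copy.
def lockfile_changed?(lockfile, stamp = AUDIT_STAMP)
  return true unless File.exist?(lockfile) && File.exist?(stamp)
  File.read(stamp).strip != Digest::SHA256.file(lockfile).hexdigest
end

# Remember the digest of a lockfile that just passed the audit.
def record_audited(lockfile, stamp = AUDIT_STAMP)
  FileUtils.mkdir_p(File.dirname(stamp))
  File.write(stamp, Digest::SHA256.file(lockfile).hexdigest)
end

# Returns :skipped (lockfile unchanged), :passed, or :failed. bundle-audit's own
# output is passed straight through, so a failure shows the advisories found.
def run_audit(lockfile: 'Gemfile.lock', stamp: AUDIT_STAMP, command: AUDIT_COMMAND)
  return :skipped unless lockfile_changed?(lockfile, stamp)
  if system(*command)
    record_audited(lockfile, stamp)   # only a passing audit updates the stamp
    :passed
  else
    :failed   # non-zero exit, or the command could not be started at all
  end
end

# Register the hook only when Bundler loads this file as a plugin
# (i.e. `plugin 'bundler-audit'` is present in the Gemfile).
if defined?(Bundler::Plugin)
  Bundler::Plugin.add_hook('after-install-all') do |_dependencies|
    if run_audit == :failed
      warn 'bundle-audit: vulnerable gems found (or the audit could not run); aborting'
      exit 1
    end
  end
end
```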
@postmodern postmodern self-assigned this Apr 26, 2023