Not ignoring based on policy file
Closed this issue · 1 comments
romanzdk commented
- safety version: 2.4.0b2
- Python version: 3.10.13
- Operating System: Debian GNU/Linux 12 (bookworm)
Description
We have a `.safety-policy.yml` file defined like this:
```yaml
security:
  ignore-vulnerabilities:
    59901:
      reason: Some reason
      expires: '2024-03-15'
    62044:
      reason: No upstream python images provide updated pip for now
      expires: '2024-01-01'
```
Running `safety validate policy_file --path .safety-policy.yml` outputs:
```
The Safety policy file was successfully parsed with the following values:
{
  "security": {
    "ignore-vulnerabilities": {
      "59901": {
        "reason": "Some reason",
        "expires": "2024-03-15 00:00:00"
      },
      "62044": {
        "reason": "No upstream python images provide updated pip for now",
        "expires": "2024-01-01 00:00:00"
      }
    }
  },
  "filename": ".safety-policy.yml"
}
```
However, when I run the safety check `safety check --policy-file .safety-policy.yml`, I still get 59901 reported as a vulnerability.
nicolassanmar commented
I can confirm that version 3.0.1 of pyup/safety can now ignore vulnerabilities based on the policy_file, while versions 2.X did not work as expected.