Merge pull request #4257 from rafaelpivato/safety-key-flag

pypa · May 20, 2020 · b2cc53a · b2cc53a
2 parents 49335ad + ce5499d
commit b2cc53a
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/news/4257.feature.rst b/news/4257.feature.rst
@@ -0,0 +1 @@
+Added ``--key`` command line parameter for including personal PyUp.io API tokens when running ``pipenv check``.
diff --git a/pipenv/cli/command.py b/pipenv/cli/command.py
@@ -410,7 +410,8 @@ def run(state, command, args):
 
 
 @cli.command(
-    short_help="Checks for security vulnerabilities and against PEP 508 markers provided in Pipfile.",
+    short_help="Checks for PyUp Safety security vulnerabilities and against"
+               " PEP 508 markers provided in Pipfile.",
     context_settings=subcommand_context
 )
 @option(
@@ -423,19 +424,26 @@ def run(state, command, args):
     "--db",
     nargs=1,
     default=lambda: os.environ.get('PIPENV_SAFETY_DB', False),
-    help="Path to a local vulnerability database. Default: ENV PIPENV_SAFETY_DB or None",
+    help="Path to a local PyUp Safety vulnerabilities database."
+         " Default: ENV PIPENV_SAFETY_DB or None.",
 )
 @option(
     "--ignore",
     "-i",
     multiple=True,
-    help="Ignore specified vulnerability during safety checks.",
+    help="Ignore specified vulnerability during PyUp Safety checks.",
 )
 @option(
     "--output",
     type=Choice(["default", "json", "full-report", "bare"]),
     default="default",
-    help="Translates to --json, --full-report or --bare from safety check",
+    help="Translates to --json, --full-report or --bare from PyUp Safety check",
+)
+@option(
+    "--key",
+    help="Safety API key from PyUp.io for scanning dependencies against a live"
+         " vulnerabilities database. Leave blank for scanning against a"
+         " database that only updates once a month.",
 )
 @option(
     "--quiet",
@@ -453,11 +461,12 @@ def check(
     style=False,
     ignore=None,
     output="default",
+    key=None,
     quiet=False,
     args=None,
     **kwargs
 ):
-    """Checks for security vulnerabilities and against PEP 508 markers provided in Pipfile."""
+    """Checks for PyUp Safety security vulnerabilities and against PEP 508 markers provided in Pipfile."""
     from ..core import do_check
 
     do_check(
@@ -468,6 +477,7 @@ def check(
         db=db,
         ignore=ignore,
         output=output,
+        key=key,
         quiet=quiet,
         args=args,
         pypi_mirror=state.pypi_mirror,

diff --git a/pipenv/core.py b/pipenv/core.py
@@ -2568,6 +2568,7 @@ def do_check(
     db=False,
     ignore=None,
     output="default",
+    key=None,
     quiet=False,
     args=None,
     pypi_mirror=None
@@ -2685,8 +2686,8 @@ def do_check(
         if not quiet and not environments.is_quiet():
             click.echo(crayons.normal("Using local database {}".format(db)))
         cmd.append("--db={0}".format(db))
-    if PIPENV_PYUP_API_KEY and not db:
-        cmd = cmd + ["--key={0}".format(PIPENV_PYUP_API_KEY)]
+    elif key or PIPENV_PYUP_API_KEY:
+        cmd = cmd + ["--key={0}".format(key or PIPENV_PYUP_API_KEY)]
     if ignored:
         for cve in ignored:
             cmd += cve