Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Safety key flag #4257

Merged
merged 4 commits into from
May 20, 2020
Merged

Safety key flag #4257

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
817d171
Accepts Safety API key flag
rafaelpivato May 17, 2020
b32dd52
Safety help strings
rafaelpivato May 17, 2020
48f9784
Merge branch 'master' into safety-key-flag
techalchemy May 20, 2020
ce5499d
Added news entry
techalchemy May 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions news/4257.feature.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Added ``--key`` command line parameter for including personal PyUp.io API tokens when running ``pipenv check``.
20 changes: 15 additions & 5 deletions pipenv/cli/command.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -410,7 +410,8 @@ def run(state, command, args):


@cli.command(
short_help="Checks for security vulnerabilities and against PEP 508 markers provided in Pipfile.",
short_help="Checks for PyUp Safety security vulnerabilities and against"
" PEP 508 markers provided in Pipfile.",
context_settings=subcommand_context
)
@option(
Expand All @@ -423,19 +424,26 @@ def run(state, command, args):
"--db",
nargs=1,
default=lambda: os.environ.get('PIPENV_SAFETY_DB', False),
help="Path to a local vulnerability database. Default: ENV PIPENV_SAFETY_DB or None",
help="Path to a local PyUp Safety vulnerabilities database."
" Default: ENV PIPENV_SAFETY_DB or None.",
)
@option(
"--ignore",
"-i",
multiple=True,
help="Ignore specified vulnerability during safety checks.",
help="Ignore specified vulnerability during PyUp Safety checks.",
)
@option(
"--output",
type=Choice(["default", "json", "full-report", "bare"]),
default="default",
help="Translates to --json, --full-report or --bare from safety check",
help="Translates to --json, --full-report or --bare from PyUp Safety check",
)
@option(
"--key",
help="Safety API key from PyUp.io for scanning dependencies against a live"
" vulnerabilities database. Leave blank for scanning against a"
" database that only updates once a month.",
)
@option(
"--quiet",
Expand All @@ -453,11 +461,12 @@ def check(
style=False,
ignore=None,
output="default",
key=None,
quiet=False,
args=None,
**kwargs
):
"""Checks for security vulnerabilities and against PEP 508 markers provided in Pipfile."""
"""Checks for PyUp Safety security vulnerabilities and against PEP 508 markers provided in Pipfile."""
from ..core import do_check

do_check(
Expand All @@ -468,6 +477,7 @@ def check(
db=db,
ignore=ignore,
output=output,
key=key,
quiet=quiet,
args=args,
pypi_mirror=state.pypi_mirror,
Expand Down
5 changes: 3 additions & 2 deletions pipenv/core.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2568,6 +2568,7 @@ def do_check(
db=False,
ignore=None,
output="default",
key=None,
quiet=False,
args=None,
pypi_mirror=None
Expand Down Expand Up @@ -2685,8 +2686,8 @@ def do_check(
if not quiet and not environments.is_quiet():
click.echo(crayons.normal("Using local database {}".format(db)))
cmd.append("--db={0}".format(db))
if PIPENV_PYUP_API_KEY and not db:
cmd = cmd + ["--key={0}".format(PIPENV_PYUP_API_KEY)]
elif key or PIPENV_PYUP_API_KEY:
cmd = cmd + ["--key={0}".format(key or PIPENV_PYUP_API_KEY)]
if ignored:
for cve in ignored:
cmd += cve
Expand Down