From 31ac4109b6fb82238c3a19f79f595c307c3b7811 Mon Sep 17 00:00:00 2001
From: alex
Date: Thu, 14 Aug 2025 10:00:27 -0400
Subject: [PATCH] Preview/google osv-scanner
---
Gemfile.lock | 128 +++++++++++++++++++++++++++++++++++++++++++++++
osv-scanner.toml | 20 ++++++++
2 files changed, 148 insertions(+)
create mode 100644 Gemfile.lock
create mode 100644 osv-scanner.toml
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..95685c7
--- /dev/null
+++ b/Gemfile.lock
@@ -0,0 +1,128 @@ +GEM + remote: https://rubygems.org/ + specs: + actioncable (6.0.2.1) + actionpack (= 6.0.2.1) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.0.2.1) + actionpack (= 6.0.2.1) + activejob (= 6.0.2.1) + activerecord (= 6.0.2.1) + activestorage (= 6.0.2.1) + activesupport (= 6.0.2.1) + mail (>= 2.7.1) + actionmailer (6.0.2.1) + actionpack (= 6.0.2.1) + actionview (= 6.0.2.1) + activejob (= 6.0.2.1) + mail (~> 2.5, >= 2.5.4) + actionpack (6.0.2.1) + actionview (= 6.0.2.1) + activesupport (= 6.0.2.1) + rack (~> 2.0) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + actiontext (6.0.2.1) + actionpack (= 6.0.2.1) + activerecord (= 6.0.2.1) + activestorage (= 6.0.2.1) + activesupport (= 6.0.2.1) + nokogiri (>= 1.8.5) + actionview (6.0.2.1) + activesupport (= 6.0.2.1) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + activejob (6.0.2.1) + activesupport (= 6.0.2.1) + globalid (>= 0.3.6) + activemodel (6.0.2.1) + activesupport (= 6.0.2.1) + activerecord (6.0.2.1) + activemodel (= 6.0.2.1) + activesupport (= 6.0.2.1) + activestorage (6.0.2.1) + actionpack (= 6.0.2.1) + activejob (= 6.0.2.1) + activerecord (= 6.0.2.1) + marcel (~> 0.3.1) + activesupport (6.0.2.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + bootsnap (1.4.5) + msgpack (~> 1.0) + builder (3.2.4) + concurrent-ruby (1.1.5) + crass (1.0.6) + erubi (1.9.0) + globalid (0.4.2) + activesupport (>= 4.2.0) + i18n (1.7.0) + concurrent-ruby (~> 1.0) + loofah (2.4.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (0.3.3) + method_source (0.9.2) + mini_mime (1.0.2) + minitest (5.13.0) + msgpack (1.3.1) + nio4r (2.5.2) + nokogiri (1.10.7) + rack (2.0.7) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rails (6.0.2.1) + actioncable (= 6.0.2.1) + actionmailbox (= 6.0.2.1) + actionmailer (= 6.0.2.1) + actionpack (= 6.0.2.1) + actiontext (= 6.0.2.1) + actionview (= 6.0.2.1) + activejob (= 
6.0.2.1) + activemodel (= 6.0.2.1) + activerecord (= 6.0.2.1) + activestorage (= 6.0.2.1) + activesupport (= 6.0.2.1) + bundler (>= 1.3.0) + railties (= 6.0.2.1) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + railties (6.0.2.1) + actionpack (= 6.0.2.1) + activesupport (= 6.0.2.1) + method_source + rake (>= 0.8.7) + thor (>= 0.20.3, < 2.0) + rake (13.0.1) + sprockets-rails (3.2.1) + actionpack (>= 4.0) + activesupport (>= 4.0) + sprockets (>= 3.0.0) + sprockets (4.0.0) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + thor (0.20.3) + tzinfo (1.2.5) + thread_safe (~> 0.1) + thread_safe (0.3.6) + websocket-driver (0.7.1) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.4) + +PLATFORMS + ruby + +DEPENDENCIES + bootsnap (>= 1.4.2) + rails (= 6.0.2.1) + +BUNDLED WITH + 2.1.4 \ No newline at end of file
diff --git a/osv-scanner.toml b/osv-scanner.toml
new file mode 100644
index 0000000..720fd05
--- /dev/null
+++ b/osv-scanner.toml
@@ -0,0 +1,20 @@
+# osv-scanner.toml
+# This empty config mirrors default behavior: nothing is ignored.
+
+# --- Examples (leave commented) ---
+# [[IgnoredVulns]]
+# id = "CVE-YYYY-XXXX"
+# # ignoreUntil = 2025-12-31
+# reason = "why this is safe to ignore"
+
+# [[PackageOverrides]]
+# # Match fields (any subset): name, version, ecosystem, group
+# name = "axios"
+# ecosystem = "npm"
+# # Actions (pick any):
+# ignore = true # ignore both vulns and license
+# vulnerability.ignore = true # ignore only vulnerabilities
+# license.ignore = true # ignore only license
+# license.override = ["MIT"] # override license(s)
+# effectiveUntil = 2025-12-31
+# reason = "temporary exception"
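Review bot: In the commented `[[IgnoredVulns]]` template of osv-scanner.toml, the expiry is commented out a second time (`# # ignoreUntil = 2025-12-31`), so anyone who uncomments the block gets a suppression that never lapses; make it part of the template as `# ignoreUntil = 2025-12-31`. The `[[PackageOverrides]]` template matches on `name` and `ecosystem` only, which would cover every version of the package, and it lists the blanket `ignore = true` first. Adding `# version = "<pinned version>"` to the match fields and leading with `vulnerability.ignore` would keep a copied exception narrow. The npm/axios example also matches nothing in the RubyGems lockfile added by the same commit, so a RubyGems entry would be a more useful starting point.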