Request - HTML output #197

Open
sterankin opened this issue Aug 31, 2018 · 6 comments

Comments

@sterankin

I'm not seeing an obvious way to output to HTML as part of a CI build.

Is there an -o html?

Also - how can I prevent the CI task from failing with an exit status of 1?

@thirdender

The author is working on a Formatting API, as several people have requested JSON and XML output. See #161 for details. If the XML formatter is working, you might be able to convert it to HTML using XSLT.

For the exit status, it looks like it will always return an exit code of 1 if there are vulnerabilities (https://github.com/rubysec/bundler-audit/blob/master/lib/bundler/audit/cli.rb#L57). You can look into methods of ignoring this value in your CI task, but I think the correct solution is to replace the vulnerable dependencies in your project.

@salzig

salzig commented Jan 18, 2019

#206 adds support for plain and xml output.

@sterankin

bundle-audit check || true

@clushie

clushie commented Jun 23, 2020

Just in case someone needs an easy one-shot solution to display bundler-audit's output in a browser (just the colors), you can do something like this, which results in an HTML file you can check out here.

#!/bin/bash
set -ue

HTML_FILE="./bundler_audit.html"

# force color output by pretending to be an interactive tty
faketty() { script -qfc "$(printf '%q ' "$@")"; }

cat - > "${HTML_FILE}" <<EOF
<html>
  <meta charset="utf-8" />
  <title> bundler-audit report </title>
  <script src="https://cdn.jsdelivr.net/npm/ansi_up@4/ansi_up.min.js" type="text/javascript"></script>
  <script type="text/javascript">

  document.addEventListener('DOMContentLoaded', function(event) {
      var console = document.getElementById("console");
      var console_text = console.textContent
      console.textContent = ""
      var ansi_up = new AnsiUp;
      var html = ansi_up.ansi_to_html(console_text);
      console.innerHTML = html;
  });
  </script>
  <pre id="console">
EOF

faketty bundler-audit check | tee -a "${HTML_FILE}"

echo '</pre></html>' >> "${HTML_FILE}"

@postmodern
Member

bundler-audit 0.8.0.rc1 has been released, and includes a new extendable Formats API. It should now be possible to write 3rd party formats that are loaded via require.

@postmodern
Member

If anyone wants bundler-audit to officially support HTML output, all that I request is:

  • It must use either heredoc or ERB. No extra dependencies on Nokogiri, HTML helpers, etc.
  • It must output static HTML and CSS. No JavaScript.
  • Vanilla CSS. No SASS, SCSS, or CSS frameworks that require npm or yarn, etc.
  • Embedded images are OK. (I prefer embedded SVGs.)

Also, we could use Thor's built-in HTML output, but I bet we could structure the data much better in HTML tables and lists.

@postmodern
Member

Now that bundler-audit 0.8.0 has finally been released, work can start on HTML output using the new Bundler::Audit::CLI::Formats API.
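
The requirements listed in this thread (heredoc or ERB, static HTML and CSS, no JavaScript) can be met with Ruby's standard library alone. The following is an added example, not part of the thread and not bundler-audit's code: it does not use the Bundler::Audit::CLI::Formats API, and the finding hashes, their field names, and the helpers `h`, `link` and `render_report` are assumptions made for illustration. Every advisory field is escaped before it reaches the page, since advisory text is external data.

```ruby
require 'erb'

# Constructed sample findings; the second carries markup and a non-http URL on purpose.
SAMPLE_FINDINGS = [
  { gem: 'examplegem', version: '1.2.3', id: 'ADVISORY-PLACEHOLDER-1',
    criticality: 'high', title: 'Constructed sample advisory',
    url: 'https://example.com/advisories/1' },
  { gem: 'othergem', version: '0.9.0', id: 'ADVISORY-PLACEHOLDER-2',
    criticality: 'medium', title: 'XSS via <script>alert(1)</script>',
    url: 'javascript:alert(1)' }
].freeze

TEMPLATE = ERB.new(<<~'HTML', trim_mode: '-')
  <!DOCTYPE html>
  <html>
  <head>
    <meta charset="utf-8">
    <title>bundler-audit report</title>
    <style>td, th { border: 1px solid #999; padding: 4px 8px; } .high { background: #fdd; }</style>
  </head>
  <body>
  <table>
    <tr><th>Gem</th><th>Version</th><th>Advisory</th><th>Criticality</th><th>Title</th></tr>
  <%- findings.each do |f| -%>
    <tr class="<%= h(f[:criticality]) %>">
      <td><%= h(f[:gem]) %></td><td><%= h(f[:version]) %></td><td><%= link(f[:id], f[:url]) %></td>
      <td><%= h(f[:criticality]) %></td><td><%= h(f[:title]) %></td>
    </tr>
  <%- end -%>
  </table>
  </body></html>
HTML

def h(text)
  ERB::Util.html_escape(text.to_s)
end

# Only http(s) URLs become links; anything else is rendered as plain text.
def link(label, url)
  return h(label) unless url.to_s.match?(%r{\Ahttps?://})
  %(<a href="#{h(url)}">#{h(label)}</a>)
end

def render_report(findings)
  TEMPLATE.result(binding)
end

puts render_report(SAMPLE_FINDINGS) if $PROGRAM_NAME == __FILE__
```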
