Add option to fail an audit if a dependency can't be audited #142

tetsuo-cpp · 2021-11-29T00:05:51Z

Is your feature request related to a problem? Please describe.

If an environment contains unauditable dependencies, some users might prefer that pip-audit fails loudly by returning a non-zero exit code instead of just logging a warning and skipping it.

Describe the solution you'd like

Provide some kind of command line flag (maybe --strict) to control whether to fail the audit when a dependency can't be audited.

The text was updated successfully, but these errors were encountered:

woodruffw · 2021-11-29T16:26:40Z

I think this will also be solved nicely by the approach I braindumped in #141 (comment) -- when --strict is passed, we can fail with a reasonable error message on the first SkippedDependency we encounter.

tetsuo-cpp added enhancement New feature or request component:cli CLI components labels Nov 29, 2021

tetsuo-cpp mentioned this issue Nov 29, 2021

_dependency_source/pip: Log a warning and skip auditing for packages with invalid versions #139

Merged

woodruffw mentioned this issue Nov 30, 2021

README, _cli: Add a -S, --strict mode #146

Merged

woodruffw added this to the Stable Release milestone Nov 30, 2021

tetsuo-cpp closed this as completed in #146 Dec 1, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add option to fail an audit if a dependency can't be audited #142

Add option to fail an audit if a dependency can't be audited #142

tetsuo-cpp commented Nov 29, 2021

woodruffw commented Nov 29, 2021

Add option to fail an audit if a dependency can't be audited #142

Add option to fail an audit if a dependency can't be audited #142

Comments

tetsuo-cpp commented Nov 29, 2021

woodruffw commented Nov 29, 2021