Request - HTML output

[sterankin]

I'm not seeing an obvious way to output to HTML as part of a CI build.

Is there an -o html?

Also - how can i prevent the CI task from failing with an Exit status of 1?

[thirdender]

The author is working on a Formatting API, as several people have requested JSON and XML output. See #161 for details. If the XML formatter is working, you might be able to convert it to HTML using XSLT.

For the exit status, it looks like it will always return an exit code of 1 if there are vulnerabilities (https://github.com/rubysec/bundler-audit/blob/master/lib/bundler/audit/cli.rb#L57). You can look into methods of ignoring this value in your CI task, but I think the correct solution is to replace the vulnerable dependencies in your project.

[salzig]

#206 adds support for plain and xml output.

@sterankin

bundle-audit check || true

[clushie]

Just in case someone needs an easy one-shot solution to display bundler-audit's output in a browser you (just the colors) you can do something like this, which results in a html you can check out here.

#!/bin/bash
set -ue

HTML_FILE="./bundler_audit.html"

# force color output by pretending to be an interactive tty
faketty() { script -qfc "$(printf '%q ' "$@")"; }

cat - > "${HTML_FILE}" <<EOF
<html>
  <meta charset="utf-8" />
  <title> bundler-audit report </title>
  <script src="https://cdn.jsdelivr.net/npm/ansi_up@4/ansi_up.min.js" type="text/javascript"></script>
  <script type="text/javascript">

  document.addEventListener('DOMContentLoaded', function(event) {
      var console = document.getElementById("console");
      var console_text = console.textContent
      console.textContent = ""
      var ansi_up = new AnsiUp;
      var html = ansi_up.ansi_to_html(console_text);
      console.innerHTML = html;
  });
  </script>
  <pre id="console">
EOF

faketty bundler-audit check | tee -a "${HTML_FILE}"

echo '</pre></html>' >> "${HTML_FILE}"

[postmodern]

bundler-audit 0.8.0.rc1 has been released, and includes a new extendable Formats API. It should now be possible to write 3rd party formats that are loaded via require.

[postmodern]

If anyone wants bundler-audit to officially support HTML output, all that I request is:

• It must be either use heredoc or ERB. No extra dependencies on Nokogiri, HTML helpers, etc.
• It must output static HTML and CSS. No JavaScript.
• Vanilla CSS. No SASS, SCSS, or CSS frameworks that require npm or yarn, etc.
• Embedded images are OK. (I prefer embedded SVGs.)

Also, we could use Thor's built-in HTML output, but I bet we could structure the data much better in HTML tables and lists.

[postmodern]

Now that bundler-audit 0.8.0 has finally been released, work can start on HTML output using the new Bundler::Audit::CLI::Formats API.