I have a Jenkins pipeline where I am scanning my requirements.txt file with
safety check -r requirements.txt
This leads to generating a vulnerability report where the advisory is an upgrade to a beta package. For example, 2.0.0b1.
Now my pipeline fails, as this is a vulnerability and the pipeline is set to fail upon finding vulnerabilities. Is there a way to suppress these "ADVISORIES" if a beta version is what comes up as the suggestion?
I have tried writing to file and reading from that but that doesn't work.
I have also tried safety check -r requirements.txt --ignore 12345
but this requires me to know the vulnerability id in advance.
Any suggestions are welcome. Thank you in advance.
I was able to get it to work by writing the output of the command to a variable irrespective of success or failure (meaning: if the safety check command fails on finding a vulnerability, which stops the flow [this is the normal behavior in the Jenkins pipeline], the flow is forced to still continue).
I used safety check -r requirements.txt || true
and then applied some regex to identify beta packages as suggested resolutions in the output and skip them, avoiding failures.
This was very specific for my use-case. Putting this solution out there, if someone ever needs it.
Better solutions are always welcome.
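The approach in the answer above, written out as an added example (this is not the answerer's code and not part of the safety project): run safety without letting a non-zero exit stop the pipeline, split the text report into advisories, and skip only those whose affected spec's upper bound is a PEP 440 pre-release (a/b/rc), so an advisory that already has a stable fix still fails the build. The report layout in `SAMPLE_REPORT` is constructed for this example and is an assumption; the `-> Vulnerability found` / `Affected spec:` line shapes must be adjusted to whatever your installed safety version actually prints.

```python
"""Filter a `safety check` text report so advisories whose only fix is a
pre-release are shown but do not fail the build (added example, not the
answerer's code; report format below is assumed/constructed)."""
import re
import subprocess
import sys
from typing import List

# Constructed sample in the assumed layout of a safety text report.
SAMPLE_REPORT = """\
-> Vulnerability found in foo version 1.4.2
   Vulnerability ID: 12345
   Affected spec: <2.0.0b1
   ADVISORY: foo 2.0.0b1 fixes a denial-of-service issue.
-> Vulnerability found in bar version 3.1.0
   Vulnerability ID: 23456
   Affected spec: >=3.0,<3.1.4
   ADVISORY: bar 3.1.4 fixes an injection issue.
"""

# PEP 440 pre-release versions, e.g. 2.0.0b1, 1.0a2, 3.1rc1.
PRERELEASE_RE = re.compile(r"^\d+(?:\.\d+)*(?:a|b|rc)\d+$")
# The line in each advisory carrying the spec safety considers vulnerable.
SPEC_RE = re.compile(r"Affected spec:\s*(.+)")
# Upper bounds inside that spec ("<2.0.0b1", "<=3.1.3"): the version that
# resolves the advisory is the one just past this bound.
UPPER_BOUND_RE = re.compile(r"<=?\s*([0-9][0-9A-Za-z.]*)")


def is_prerelease(version: str) -> bool:
    return bool(PRERELEASE_RE.match(version.strip()))


def split_advisories(report: str) -> List[str]:
    """One chunk per '-> Vulnerability found' block (assumed delimiter)."""
    chunks = re.split(r"(?m)^(?=-> Vulnerability found)", report)
    return [c for c in chunks if c.strip()]


def fix_is_prerelease_only(advisory: str) -> bool:
    """True when every upper bound of the affected spec is a pre-release,
    i.e. the only upgrade safety can suggest is an alpha/beta/rc."""
    specs = SPEC_RE.findall(advisory)
    bounds = [v for spec in specs for v in UPPER_BOUND_RE.findall(spec)]
    return bool(bounds) and all(is_prerelease(v) for v in bounds)


def blocking_advisories(report: str) -> List[str]:
    """Advisories that should still fail the build."""
    return [a for a in split_advisories(report) if not fix_is_prerelease_only(a)]


def run_safety(requirements: str = "requirements.txt") -> str:
    """Run safety and keep its report whatever the exit status, the
    subprocess equivalent of `safety check -r requirements.txt || true`."""
    proc = subprocess.run(
        ["safety", "check", "-r", requirements],
        capture_output=True, text=True, check=False,
    )
    return proc.stdout + proc.stderr


def main() -> int:
    report = run_safety(sys.argv[1] if len(sys.argv) > 1 else "requirements.txt")
    all_advisories = split_advisories(report)
    blocking = blocking_advisories(report)
    skipped = [a for a in all_advisories if a not in blocking]
    # Skipped advisories are still printed so the unfixed finding stays visible.
    print(f"{len(blocking)} blocking advisories, {len(skipped)} pre-release-only advisories skipped")
    for adv in skipped:
        print("SKIPPED (fix is a pre-release only):\n" + adv)
    for adv in blocking:
        print(adv)
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it from the pipeline step in place of the bare `safety check`; it exits 1 only for advisories with a stable fix. Skipped advisories are still printed so the unresolved finding remains in the build log, and as soon as safety's database points at a released (non-pre-release) version for that package, the spec changes and the same advisory starts failing the build again without any change to the ignore list.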