-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support pip-audit configuration from pyproject.toml #694
Comments
This is mostly a volunteer-run project, it just hasn't been implemented yet. I think we're all likely in favor of this. |
To add on to what @di said: it's not that we don't follow community standards, but that There are a number of complexities involved in adding one, such as determining how best to interoperate with |
Thank you for adding some context to that @di @woodruffw! I just saw that a few issues mention By the way, are you able to say something about the priority of this feature? |
It's not an immediate priority I believe, but I think we'd be happy to review a PR that makes these changes. But before that, there should be some discussion on this issue about what the scope of the configuration will be:
|
I'd love if this was part of |
I believe #694 (comment) covers the preconditions for this feature. We're interested in hearing from users about each of the bullets in that comment. |
Is your feature request related to a problem? Please describe.
Yes, having a single CI workflow for multiple repositories we cannot easily ignore vulnerabilities affecting single repository only. Also specifying extra indexes per repository is severely hampered here.
Describe the solution you'd like
With pip-audit configuration in
pyproject.toml
we could specify custom settings just on single repository level having the CI untouched (CI is executing alwayspoetry run pip-audit
).For example:
Describe alternatives you've considered
Using another tool.
Additional context
The most used code quality tools for python support configuration from
pyproject.toml
. For example:So I wonder that the official tool from PyPA does not follow community standards.
The text was updated successfully, but these errors were encountered: