🕵️♂️ go_over
A tool to audit Erlang & Elixir dependencies, to make sure your gleam projects really sparkle! ✨
🚨 NOTE: security advisories are NOT currently monitored for gleam dependencies. The language, while excellent, is far too new and niche
🔽 Install
gleam add --dev go_over
📣 Also!
- add
.go-over/to your.gitignore - make sure
gitis installed
▶️ Usage
gleam run -m go_over
🎥 Obligatory Asciinema
🏴 Flags
--skip: will skip checking the cache and used the stored data no matter what--force: will force pulling new data even if the cached data is still valid
⚙️ Config
Optional settings that can be added to your project’s gleam.toml
[go-over]
# disables caching if false
# default: true
cache = true
# sets output format ("minimal", "detailed")
# default: "minimal"
format = "minimal"
[go-over.ignore]
# list of package names to skip when checking for advisories & warnings
# default: []
packages = ["example_package"]
# list of warning severities to skip when checking for advisories & warnings
# default: []
# (case insensitive)
severity = ["example_moderate"]
# list of advisory IDs to skip when checking for advisories & warnings
# default: []
ids = ["GHSA-xxxx-yyyy-zzzz"]
⌛ Caching
- Security advisory data is cached for six hours
- hex.pm retired package data is cached for one hour
🖌️ Other Art
- As I’m sure is no surprise this tool is inspired by (and all around worse than) mirego/mix_audit. Please check it out!
- It also draws inspiration from mix hex.audit
⚖️ License
-
This tool uses mirego/elixir-security-advisories which is it self licensed with
BSD-3-Clause licenseCC-BY 4.0 open source license.- See their #license section
-
Code original to this repo is Licensed under
MIT