Skip to content
Snippets Groups Projects
Commit c5d5119a authored by Tom Prince's avatar Tom Prince
Browse files

Pin new vulnix.

parent 40896010
No related branches found
No related tags found
2 merge requests!228merge develop into production,!196Use a version of vulnix that doesn't collapse derivations with different sets of patches.
Hide whitespace changes
Inline Side-by-side
ci-tools/vulnerability-scan
+ 6
0
View file @ c5d5119a
...@@ -32,6 +32,12 @@ else ...@@ -32,6 +32,12 @@ else
fi fi
' '
# The version (1.9.6) of vulnix in nixos-21.05 incorrectly collapses
# derivations with the same name+version, but different sets of patches
# applied. Therefore, we use a recent nixos-unstable version that has a newer
# version of vulnix included.
export NIX_PATH=nixpkgs=https://api.github.com/repos/NixOS/nixpkgs/tarball/ee084c02040e864eeeb4cf4f8538d92f7c675671
# vulnix exits with an error status if there are vulnerabilities. We told # vulnix exits with an error status if there are vulnerabilities. We told
# GitLab to allow this by setting `allow_failure` to true in the GitLab CI # GitLab to allow this by setting `allow_failure` to true in the GitLab CI
# config. vulnix exit status indicates what vulnix thinks happened. If we # config. vulnix exit status indicates what vulnix thinks happened. If we
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment