15 changes: 8 additions & 7 deletions README.md
@@ -214,11 +214,9 @@ patched_versions:
* https://www.cve.org/CVERecord
* When present, the CVE should be used in the primary "url:", "cve:", and "related:"/"url:" fields.
* All text should be wrapped at 80 columns.
* Run [`yamllint`](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format.
* YAML must be indented by 2 spaces.
* Ruby YAML does not like embedded ":" characters.
* For more info:
* https://pypi.org/project/yamllint
* [Github Action workflow](https://github.com/rubysec/ruby-advisory-db/blob/master/.github/workflows/ruby.yml)
* Run `rspec spec/schema_validation_spec.rb` for aditional lint checks.
* Check all URLs for dead links.
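Review bot: the `yamllint` link in the first bullet of this hunk closes its URL with `]` instead of `)` (it ends `quickstart.html]`), so it will not render as a Markdown link; if that line is kept, it should end `quickstart.html)`. Also, "aditional" in the `rspec spec/schema_validation_spec.rb` bullet should read "additional".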
@@ -239,12 +237,15 @@ bundle exec rspec
* The usual GHSA/SYNC workflow is:
1. Run "GH_API_TOKEN=`GITHUB_TOKEN_VALUE` bundle exec rake sync_github_advisories" ruby script.
- The rake task will write YAML files for any missing advisories.
- Then it runs "./lib/rad-ignores.sh" shell script to
ignore duplicate advisories.
- Then it runs "yamllint" for all gems and rubies yml files.
- More details follow this paragraph.
2. Run "./lib/rad-ignores.sh" shell script to ignore duplicate advisories.
3. Run "rake" to run the lint checks.
4. Run "yamllint $(find gems rubies -type f |grep yml$)".
5. If new or modified advisories, submit a PR to the repo.
6. CAVEAT: Between steps 2 and 5, you might need to manually edit the files.

2. Run "rake" to run the lint checks.

3. If new or modified advisories, submit a PR to the repo.
4. CAVEAT: Between steps 2 and 5, you might need to manually edit the files.

There is a script that will create initial YAML files for RubyGem advisories
which are in the [GitHub Security Advisory API], but are not already in this
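Review bot: the renumbered workflow leaves the CAVEAT step pointing at steps that no longer exist: the list now has steps 1 to 4, so "Between steps 2 and 5" should become "Between steps 1 and 3" (after the sync run and before submitting the PR). Two smaller points in the same hunk: step 1 wraps `GITHUB_TOKEN_VALUE` in backticks inside a double-quoted shell command, which a reader pasting it literally would have the shell interpret as command substitution; a plain placeholder such as `GH_API_TOKEN=<token> bundle exec rake sync_github_advisories` avoids that. And the sub-bullet "More details follow this paragraph." should say which section it refers to, or be dropped.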
3 changes: 2 additions & 1 deletion docs/external-data-improvements.md
@@ -14,7 +14,8 @@ Here are the different sources of information this repo usually uses and how to
- See [repo](https://github.com/rubysec/ruby-advisory-db) README on policy.
- Have only project-specific data (announcement, blog, CHANGELOG, Release notes) about advisory
- Google for more information. Try to contact developer privately.
- To exclude a duplicate or disputed advisories, send them to @jasnow to add them to his ignored-dup-list.file.
- To exclude a duplicate or disputed advisories, create a PR to add them
to [file](https://github.com/rubysec/ruby-advisory-db/lib/rad-ignores.sh).

## GEMS

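Review bot: the new link target `https://github.com/rubysec/ruby-advisory-db/lib/rad-ignores.sh` is missing the `blob/master` path segment that GitHub file URLs use (compare the workflow link in the README, which has `/blob/master/.github/workflows/ruby.yml`), so it will not resolve; it should be `https://github.com/rubysec/ruby-advisory-db/blob/master/lib/rad-ignores.sh`. The link text "file" could also name the script (`lib/rad-ignores.sh`), and "a duplicate or disputed advisories" should read "duplicate or disputed advisories".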