Name: cocoapods-blacklist
Owner: Yahoo Inc.
Description: A CocoaPods plugin used to check a project against a list of pods that you do not want included in your build. Security is the primary use, but keeping specific pods that have conflicting licenses is another possible use.
Created: 2015-05-18 21:55:53.0
Updated: 2018-02-05 22:00:47.0
Pushed: 2015-11-17 03:51:20.0
Size: 15
Language: Ruby
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
A CocoaPods plugin used to check a project against a list of pods that you do not want included in your build. Security is the primary use, but keeping specific pods that have conflicting licenses is another possible use.
We use this in our continuous integration builds. If a security issue is found with a pod, we can update our blacklist.json
file and builds will start to fail immediately. Developers don't always read the email about a new vulnerability. They definitely notice when the build fails. :smile:
$ gem install cocoapods-blacklist
$ pod blacklist [LOCKFILE] --config=BLACKLIST_CONFIG
The LOCKFILE
is optional, and ./Podfile.lock
is assumed if one is not explicitly passed in.
The blacklist config file is a JSON file that has an array of pods, each one containing a hash with:
Podfile
ods":[
{
"name":"FooKit",
"reason":"FooKit 1.2.2 did not check passwords on Thursdays",
"versions":"1.2.2"
},
{
"name":"BananaKit",
"reason":"Vulnerable to code injection with malformed BQL queries",
"versions":[">=3.4.2", "<3.6.0"]
}
Code licensed under the MIT license. See LICENSE file for terms.