Document new vars for dependency scanning

8e5af6c6 · Igor Frenkel · Achilleas Pipinellis · ce46ad53 · 8e5af6c6
Commit 8e5af6c6 authored Feb 07, 2020 by Igor Frenkel Committed by Achilleas Pipinellis Feb 07, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

doc/user/application_security/dependency_scanning/index.md doc/user/application_security/dependency_scanning/index.md +2 -0

No files found.
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -151,6 +151,8 @@ using environment variables.
 | `PIP_REQUIREMENTS_FILE`                 | Pip requirements file to be scanned. |
 | `MAVEN_CLI_OPTS`                        | List of command line arguments that will be passed to `maven` by the analyzer. The default is `"-DskipTests --batch-mode"`. See an example for [using private repos](#using-private-maven-repos). |
 | `BUNDLER_AUDIT_UPDATE_DISABLED`         | Disable automatic updates for the `bundler-audit` analyzer (default: `"false"`). Useful if you're running Dependency Scanning in an offline, air-gapped environment.|
+| `BUNDLER_AUDIT_ADVISORY_DB_URL`         | URL of the advisory database used by bundler-audit (default: `https://github.com/rubysec/ruby-advisory-db`). |
+| `BUNDLER_AUDIT_ADVISORY_DB_REF_NAME`    | Git ref for the advisory database specified by `BUNDLER_AUDIT_ADVISORY_DB_URL` (default: `master`). |

 ### Using private Maven repos