feat: add support for environment variable PIP_AUDIT_IGNORE_VULNS to override the command-line option of the same name

jenstroeger · jenstroeger · commit 96c07c586b28 · 2025-10-15T16:10:48.000+10:00
diff --git a/pip_audit/_cli.py b/pip_audit/_cli.py
@@ -378,7 +378,7 @@ def _parser() -> argparse.ArgumentParser:  # pragma: no cover
         metavar="ID",
         action="append",
         dest="ignore_vulns",
-        default=[],
+        default=os.environ.get("PIP_AUDIT_IGNORE_VULNS", "").split(),
         help=(
             "ignore a specific vulnerability by its vulnerability ID; "
             "this option can be used multiple times"
diff --git a/test/test_cli.py b/test/test_cli.py
@@ -222,6 +222,7 @@ def test_environment_variable(monkeypatch):
     monkeypatch.setenv("PIP_AUDIT_OUTPUT", "/tmp/fake")
     monkeypatch.setenv("PIP_AUDIT_PROGRESS_SPINNER", "off")
     monkeypatch.setenv("PIP_AUDIT_VULNERABILITY_SERVICE", "osv")
+    monkeypatch.setenv("PIP_AUDIT_IGNORE_VULNS", "cve ghsa xyz")
 
     parser = pip_audit._cli._parser()
     monkeypatch.setattr(pip_audit._cli, "_parse_args", lambda *a: parser.parse_args([]))
@@ -232,3 +233,4 @@ def test_environment_variable(monkeypatch):
     assert args.output == Path("/tmp/fake")
     assert not args.progress_spinner
     assert args.vulnerability_service == VulnerabilityServiceChoice.Osv
+    assert args.ignore_vulns == ["cve", "ghsa", "xyz"]
