rubysec · GoutamSingired · Apr 18, 2026
diff --git a/lib/bundler/audit/scanner.rb b/lib/bundler/audit/scanner.rb
@@ -218,11 +218,8 @@ def scan_sources(options={})
       def scan_specs(options={})
         return enum_for(__method__,options) unless block_given?
 
-        ignore = if options[:ignore]
-                   Set.new(options[:ignore])
-                 else
-                   config.ignore
-                 end
+        ignore = config.ignore
+        ignore.merge(Set.new(options[:ignore])) if options[:ignore]
 
         @lockfile.specs.each do |gem|
           @database.check_gem(gem) do |advisory|

diff --git a/spec/scanner_spec.rb b/spec/scanner_spec.rb
@@ -80,6 +80,17 @@
         expect(ids).not_to include('OSVDB-89025')
       end
 
+      context "when the :ignore option is given" do
+        subject { scanner.scan(ignore: ['CVE-2013-0156']) }
+
+        it "should ignore the specified advisories" do
+          ids = subject.map { |result| result.advisory.id }
+
+          expect(ids).not_to include('CVE-2013-0156')
+          expect(ids).not_to include('OSVDB-89025')
+        end
+      end
+
       context "when config path is absolute" do
         let(:bundle) { 'unpatched_gems' }
         let(:absolute_config_path) { File.absolute_path(File.join('spec','bundle','unpatched_gems_with_dot_configuration', '.bundler-audit.yml')) }