Sandworm reads configurations from a local .sandworm.config.json file in the root directory of the app being audited. Here is an example file that includes all of the available configuration fields:
"high": ["cat:Network Protective", "cat:Strongly Protective"],
"moderate": ["cat:Weakly Protective"]
Note that all configs need to go under the audit root key, and not directly in the root of the JSON file.
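A pre-flight check for the root-key rule above, as an added example that is not part of the Sandworm documentation or code base: it flags settings left at the file root instead of under audit and checks the shape of the license policy map. The licensePolicy key name is an assumption, since field names are not shown on this page, and the sample files are constructed.

```javascript
// Added example, not Sandworm's own code: lint the text of .sandworm.config.json.
// ASSUMPTION: "licensePolicy" is the key holding the severity -> licenses map;
// field names are not shown on this page.
const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

function lintSandwormConfig(text) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (err) {
    return [`invalid JSON: ${err.message}`];
  }
  if (!isObject(cfg)) return ['file root must be a JSON object'];

  // Every setting has to live under "audit", so anything beside it is misplaced.
  const findings = Object.keys(cfg)
    .filter((key) => key !== 'audit')
    .map((key) => `"${key}" is at the file root; move it under "audit"`);
  if (!('audit' in cfg)) return [...findings, 'missing "audit" root key'];
  if (!isObject(cfg.audit)) return [...findings, '"audit" must be an object'];

  // Each severity must map to a list of strings such as the "cat:" entries above.
  const policy = cfg.audit.licensePolicy;
  if (policy !== undefined && !isObject(policy)) {
    findings.push('licensePolicy must be an object keyed by severity');
  } else if (policy !== undefined) {
    for (const [severity, entries] of Object.entries(policy)) {
      const ok = Array.isArray(entries) &&
        entries.every((e) => typeof e === 'string' && e.trim() !== '');
      if (!ok) findings.push(`licensePolicy.${severity} must be an array of non-empty strings`);
    }
  }
  return findings;
}

// Constructed samples built from the policy values in the example file above.
const MISPLACED = `{
  "licensePolicy": { "high": ["cat:Network Protective", "cat:Strongly Protective"] }
}`;
const CORRECT = `{
  "audit": {
    "licensePolicy": {
      "high": ["cat:Network Protective", "cat:Strongly Protective"],
      "moderate": ["cat:Weakly Protective"]
    }
  }
}`;
console.log(lintSandwormConfig(MISPLACED));
console.log(lintSandwormConfig(CORRECT));
```

An empty result means the file passed both checks; running this in CI before the audit catches a policy that was written at the wrong level.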
Also include dev dependencies in the audit. Note that this might make audits take noticeably longer, as a lot more dependency data needs to be retrieved from the registry.
Whether tree and treemap chart node titles should also include the represented package version. Version info is also available by hovering over the node.
The maximum depth to represent in tree and treemap charts. Useful for large projects with deep dependency graphs.
The minimum severity level for issues to be displayed in the tree and treemap charts.
The output path for the audit artifact files.
Skip scanning for license issues.
Skip scanning for meta issues.
Don't output the dependency tree chart.
Don't output the dependency treemap chart.
Don't output the dependencies CSV file.
Don't output the JSON report.
Don't output any file.
Show Sandworm tips while building the dependency graph.