Add skip_bundle_audit option

railties/lib/rails/generators/app_base.rb

@@ -388,6 +388,10 @@ def skip_asset_pipeline? # :doc:
         options[:skip_asset_pipeline]
       end
 
+      def skip_bundle_audit?
+        options[:skip_bundle_audit]
+      end
+
       def skip_thruster?
         options[:skip_thruster]
       end

railties/lib/rails/generators/rails/app/app_generator.rb

@@ -177,7 +177,7 @@ def config_when_updating
         remove_file "config/initializers/cors.rb"
       end
 
-      if !bundle_audit_config_exist
+      if !skip_bundle_audit? && !bundle_audit_config_exist
         template "config/bundler-audit.yml"
       end
 

railties/lib/rails/generators/rails/app/templates/Gemfile.tt

@@ -55,8 +55,10 @@ group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "debug", platforms: %i[ mri windows ], require: "debug/prelude"
 
+  <%- unless skip_bundle_audit? -%>
   # Audits gems for known security defects (use config/bundler-audit.yml to ignore issues)
   gem "bundler-audit", require: false
+  <%- end -%>
 <%- unless options.skip_brakeman? -%>
 
   # Static analysis for security vulnerabilities [https://brakemanscanner.org/]