Skip to content

Commit

Permalink
Add vulnerability scanning for unpinned dependencies
Browse files Browse the repository at this point in the history
  • Loading branch information
@davitmamrikishvili
davitmamrikishvili committed Jul 17, 2024
1 parent 91286b4 commit a3d7f99
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 2 deletions.
15 changes: 13 additions & 2 deletions .github/workflows/scanning.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,18 @@ name: 'Vulnerabilities scanning'
on:
push:

env:
DEP_PATH: requirements.txt

jobs:
scan:
name: Vulnerabilities scan
uses: th2-net/.github/.github/workflows/python-scan.yml@main
runs-on: ubuntu-latest
steps:
- name: Check out master
uses: actions/checkout@master
- name: Security vulnerabilities scan
continue-on-error: false
uses: aufdenpunkt/python-safety-check@master
with:
scan_requirements_file_only: 'true'
safety_args: '--policy-file .safety-policy.yaml'
3 changes: 3 additions & 0 deletions .safety-policy.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
security:
ignore-unpinned-requirements: False
continue-on-vulnerability-error: False

0 comments on commit a3d7f99

Please sign in to comment.