Add python static scan task

2026-02-06 03:13:42 -05:00 · 2022-08-26 14:12:26 +00:00
parent 1e987cce49
commit 8b6210eedb
3 changed files with 25 additions and 0 deletions
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -52,3 +52,13 @@ jobs:
        ignore-vulns: PYSEC-2022-237
    - name: Run npm audit
      run: make npm-audit
+
+  static-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup-project
+      - name: Install bandit
+        run: pip install bandit
+      - name: Run scan
+        run: bandit -r app/ --confidence-level medium
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -42,3 +42,13 @@ jobs:
        ignore-vulns: PYSEC-2022-237
    - name: Run npm audit
      run: make npm-audit
+
+  static-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup-project
+      - name: Install bandit
+        run: pip install bandit
+      - name: Run scan
+        run: bandit -r app/ --confidence-level medium
--- a/5
+++ b/5
@@ -81,6 +81,11 @@ pip-audit:
 .PHONY: audit
 audit: npm-audit pip-audit

+.PHONY: static-scan
+static-scan:
+	pip install bandit
+	bandit -r app/
+
 .PHONY: clean
 clean:
 	rm -rf node_modules cache target ${CF_MANIFEST_PATH}