Carlo Costino
14508b2d97
Update GitHub Actions
This changeset updates all references to GitHub Actions to be version 4 due to a mandatory Node.js update.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2024-04-04 08:40:24 -04:00
Carlo Costino
38379176f4
Update OWASP ZAP scans
The OWASP ZAP scan GitHub Actions have been updated recently and we need to make sure our GitHub Actions account for the recent changes. This changeset makes sure we are using the latest version of the OWASP ZAP API scan and the correct Docker image.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-28 17:31:39 -04:00
Kenneth Kehl
e8d7d91402
switch from pipenv to poetry
2023-09-01 07:56:02 -07:00
Steven Reilly
3c31bb8c16
bump pip-audit action to 1.0.6 (#498)
2023-05-05 13:20:20 -04:00
Ryan Ahearn
80184a98fd
Remove ignore-vulnerability line for remediated redis vuln
2023-03-29 16:55:42 -04:00
Ryan Ahearn
1fe0ad0d83
Ignore known issue with redis 4.5.3
2023-03-28 09:16:09 -04:00
Ryan Ahearn
67b64f11b9
Use credentials output by terraform/development
2023-03-13 15:30:37 -04:00
Ryan Ahearn
23f6f3c726
Report data to newrelic
2023-01-23 10:00:03 -05:00
Ryan Ahearn
197c17c1a9
Update pip-audit gh action
2023-01-03 09:59:27 -05:00
stvnrlly
a0e4e184a9
pipenv in gh actions
2022-11-08 09:44:41 -05:00
Ryan Ahearn
55abdae45d
Use stable OWASP image because weekly is hanging
2022-10-27 13:11:46 -04:00
Ryan Ahearn
d87d673b85
Consolidate and simplify environment variables and config.py
2022-10-19 20:29:45 +00:00
Ryan Ahearn
773cd99790
Only run pip-audit on runtime dependencies in CI
2022-10-19 10:39:46 -04:00
Ryan Ahearn
0213598bf8
Switch some false-positive prone tests to WARN instead of FAIL
2022-08-29 13:01:20 -04:00
Ryan Ahearn
581caa4d14
Add owasp full scan to daily checks
2022-08-26 17:14:08 -04:00
Ryan Ahearn
8b6210eedb
Add python static scan task
2022-08-26 14:12:26 +00:00
Ryan Ahearn
fa7b1a41b8
Add python and npm audits to checks.yml
2022-08-25 16:55:33 -04:00