Merge pull request #346 from GSA/stvnrlly/gh-artifacts

Create simpler compliance artifacts
Carlo Costino
2023-07-12 11:09:02 -04:00
committed by GitHub


@@ -30,6 +30,11 @@ jobs:
- uses: pypa/gh-action-pip-audit@v1.0.6
with:
inputs: requirements.txt
- name: Upload pip-audit artifact
uses: actions/upload-artifact@v3
with:
name: pip-audit-report
path: /tmp/pip-audit-output.txt
static-scan:
runs-on: ubuntu-latest
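Review bot: The `Upload pip-audit artifact` step has no `if:` condition, so it is skipped whenever the pip-audit step fails, which is exactly the run where the report is needed as evidence; add `if: always()` to the upload step. The same applies to `Upload bandit artifact` in the second hunk, since bandit exits non-zero when it reports findings. Separately, nothing visible in this hunk writes `/tmp/pip-audit-output.txt`; the path presumably depends on where the action itself puts its output, so adding `if-no-files-found: error` under `with:` would turn a silently missing report into a failed step. The job's earlier steps are outside the hunk.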
@@ -39,7 +44,12 @@ jobs:
- name: Install bandit
run: pip install bandit
- name: Run scan
run: bandit -r app/ --confidence-level medium
run: bandit -r app/ -f txt -o /tmp/bandit-output.txt --confidence-level medium
- name: Upload bandit artifact
uses: actions/upload-artifact@v3
with:
name: bandit-report
path: /tmp/bandit-output.txt
dynamic-scan:
runs-on: ubuntu-latest
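Review bot: With `-o /tmp/bandit-output.txt` on the `Run scan` step, the findings appear to go only to the file, so the job log no longer shows what failed and a reviewer has to download the artifact to triage. Keeping both is possible by piping through tee, for example `set -o pipefail` followed by `bandit -r app/ -f txt --confidence-level medium | tee /tmp/bandit-output.txt`; the `pipefail` line matters because without it the pipe would hide bandit's exit status and the scan would stop gating the build. It would also help to add a comment on the upload step stating how long the report must be kept, and to set `retention-days:` to match if the repository default does not.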