run pip-audit only on production code

Kenneth Kehl
2026-03-26 10:24:43 -07:00
parent b4196f1c5e
commit 76df6bbabe
2 changed files with 2 additions and 1 deletions


@@ -93,6 +93,7 @@ jobs:
inputs: requirements.txt
ignore-vulns: |
PYSEC-2023-312
CVE-2026-4539
static-scan:
runs-on: ubuntu-latest
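Review bot: The `CVE-2026-4539` entry under `ignore-vulns` (apparently the one line this hunk adds) carries no reason, affected package or revisit date, so the suppression will stay in place long after whatever justified it is forgotten. Put a comment above the `ignore-vulns:` key rather than inside the `|` block, where a `#` line would become part of the input value, for example `# CVE-2026-4539: <package> - <why it is not reachable / no fix yet> - revisit by <date>`. If the finding came from a dev-only dependency, check whether the ignore is still needed once the export in the other workflow is limited to the main group. The audit step and the `static-scan` job both continue outside the hunk.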


@@ -26,7 +26,7 @@ jobs:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-project
- name: Create requirements.txt
run: poetry export --only main --output requirements.txt
run: poetry export --output requirements.txt
- uses: pypa/gh-action-pip-audit@v1.1.0
with:
inputs: requirements.txt
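Review bot: The `--only main` form of the `poetry export` line may not narrow the audit at all. As far as I know, `poetry export` already writes only the main group unless `--with` is given, so confirm by diffing the generated `requirements.txt` with and without the flag. This assumes the `--only main` form is the new line, as the commit title suggests; the page prints both forms without markers. If the output is identical, the only functional change in this commit is the new `ignore-vulns` entry in the other workflow, and the commit message should say so. If dev and test groups really are dropped, they still install and run in CI, so a separate non-blocking audit of the full dependency set would keep that visibility. The `with:` block of the pip-audit step continues past the end of the hunk.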