From ebc00833305bf9d1e599e71afef472338056af23 Mon Sep 17 00:00:00 2001
From: Ryan Ahearn
Date: Fri, 12 Aug 2022 16:11:57 +0000
Subject: [PATCH] Add pip-audit github check
---
 .github/workflows/checks.yml | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 217e5b24d..f4d690052 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -66,9 +66,27 @@ jobs:
 SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
 # - name: Run style checks
 # run: flake8 .
- # - name: Check imports alphabetized
- # run: isort --check-only ./app ./tests
+ - name: Check imports alphabetized
+ run: isort --check-only ./app ./tests
 - name: Run tests
 run: pytest -n4 --maxfail=10
 env:
 SQLALCHEMY_DATABASE_TEST_URI: postgresql://user:password@localhost:5432/test_notification_api
+
+ pip-audit:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install container dependencies
+ run: |
+ sudo apt-get update \
+ && sudo apt-get install -y --no-install-recommends \
+ libcurl4-openssl-dev
+ - uses: actions/checkout@v3
+ - name: Set up Python 3.9
+ uses: actions/setup-python@v3
+ with:
+ python-version: "3.9"
+ - uses: trailofbits/gh-action-pip-audit@v1.0.0
+ with:
+ inputs: requirements.txt requirements_for_test.txt
+ ignore-vulns: PYSEC-2022-237
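Review bot: The `ignore-vulns: PYSEC-2022-237` entry at the end of the new `pip-audit` job suppresses an advisory with no record of why, so the exception can silently outlive whatever justified it. A comment above the key would fix that, for example `# PYSEC-2022-237: <affected package; why it is not reachable or has no fixed release>; drop when <tracking issue> closes`. The job also runs third-party code from a mutable tag, `trailofbits/gh-action-pip-audit@v1.0.0`; pinning it as `uses: trailofbits/gh-action-pip-audit@<full-commit-sha>  # v1.0.0` keeps a retagged release from changing what the audit executes. Whether the workflow sets a restrictive top-level `permissions:` is not visible in this hunk; if it does not, adding `permissions:` with `contents: read` to this job looks sufficient for the steps shown.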