mirror of
https://github.com/GSA/notifications-api.git
synced 2026-07-10 19:33:56 -04:00
Implement bandit static security scan
This commit is contained in:
10
.github/workflows/checks.yml
vendored
10
.github/workflows/checks.yml
vendored
@@ -74,3 +74,13 @@ jobs:
|
||||
with:
|
||||
inputs: requirements.txt requirements_for_test.txt
|
||||
ignore-vulns: PYSEC-2022-237
|
||||
|
||||
static-scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: ./.github/actions/setup-project
|
||||
- name: Install bandit
|
||||
run: pip install bandit
|
||||
- name: Run scan
|
||||
run: bandit -r app/ --confidence-level medium
|
||||
|
||||
5
Makefile
5
Makefile
@@ -82,6 +82,11 @@ audit:
|
||||
pip install --upgrade pip-audit
|
||||
pip-audit -r requirements.txt -r requirements_for_test.txt -l --ignore-vuln PYSEC-2022-237
|
||||
|
||||
.PHONY: static-scan
|
||||
static-scan:
|
||||
pip install bandit
|
||||
bandit -r app/
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf node_modules cache target venv .coverage build tests/.cache ${CF_MANIFEST_PATH}
|
||||
|
||||
Reference in New Issue
Block a user