Implement bandit static security scan

This commit is contained in:
Ryan Ahearn
2022-08-12 17:19:28 -04:00
parent 6e96ffdc09
commit fb1e6b3e9d
2 changed files with 15 additions and 0 deletions


@@ -74,3 +74,13 @@ jobs:
with: with:
inputs: requirements.txt requirements_for_test.txt inputs: requirements.txt requirements_for_test.txt
ignore-vulns: PYSEC-2022-237 ignore-vulns: PYSEC-2022-237
static-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-project
- name: Install bandit
run: pip install bandit
- name: Run scan
run: bandit -r app/ --confidence-level medium
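Review bot: The CI step `run: bandit -r app/ --confidence-level medium` and the new `static-scan` target in the Makefile hunk (`bandit -r app/`) run the scanner with different filters, so a low-confidence finding can fail `make static-scan` locally while passing CI, and the job's unpinned `run: pip install bandit` means the rule set and exit behaviour can change between runs without any change to the repository. Pin the scanner version and move the confidence/severity settings into a checked-in bandit config that both invocations read, e.g. `run: pip install 'bandit==<pinned-version>'` and `run: bandit -r app/ -c <bandit config file>`, with the same two recipe lines in the Makefile pointed at that config. The `jobs:` mapping this job belongs to starts outside the hunk.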


@@ -82,6 +82,11 @@ audit:
pip install --upgrade pip-audit pip install --upgrade pip-audit
pip-audit -r requirements.txt -r requirements_for_test.txt -l --ignore-vuln PYSEC-2022-237 pip-audit -r requirements.txt -r requirements_for_test.txt -l --ignore-vuln PYSEC-2022-237
.PHONY: static-scan
static-scan:
pip install bandit
bandit -r app/
.PHONY: clean .PHONY: clean
clean: clean:
rm -rf node_modules cache target venv .coverage build tests/.cache ${CF_MANIFEST_PATH} rm -rf node_modules cache target venv .coverage build tests/.cache ${CF_MANIFEST_PATH}