-
Notifications
You must be signed in to change notification settings - Fork 2
48 lines (41 loc) · 1.19 KB
/
vulnerability.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
---
name: Vulnerability Test
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
code-vulnerabilities:
name: Code
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up environment
uses: ./.github/actions/setup/poetry
with:
os: ${{ job.os }}
python-version: '3.11'
poetry-install-options: "--only=vulnerability --no-root"
poetry-export-options: "--only=vulnerability"
- name: Check code vulnerabilities with bandit
run: poetry run bandit -c pyproject.toml -r tus_storagehandler/
dependency-vulnerabilities:
name: Dependencies
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Set up environment
uses: ./.github/actions/setup/poetry
with:
os: ${{ job.os }}
python-version: '3.11'
poetry-install-options: "--only=vulnerability --no-root"
poetry-export-options: "--only=vulnerability"
- name: Check dependency vulnerabilities with safety
run: poetry run safety check --full-report
...