Skip to content
This repository has been archived by the owner on Aug 6, 2024. It is now read-only.

Commit

Permalink
Run safety via pre-commit
Browse files Browse the repository at this point in the history 
Running safety from the same environment that it is supposed to scan is
problematic, as malicious dependencies can modify safety to hide
vulnerabilities. This is CVE-2020-5252.

Safety can be run manually with: poetry export --with=dev -E container -E freeipa-vault | safety check -r -
  • Loading branch information
@yrro
yrro committed Feb 18, 2023
1 parent e9d2486 commit ff28f39
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 151 deletions.
4 changes: 4 additions & 0 deletions .pre-commit-config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,7 @@ repos:
additional_dependencies:
- Flake8-pyproject
language_version: python3
- repo: https://github.com/Lucas-C/pre-commit-hooks-safety
rev: v1.3.1
hooks:
- id: python-safety-dependencies-check
151 changes: 1 addition & 150 deletions poetry.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion pyproject.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ ipaclient = {version = "^4.8.9", optional = true}

[tool.poetry.group.dev.dependencies]
httpie = "^3.2.1"
safety = "^2.0.0"

[build-system]
requires = ["poetry-core>=1.0.0"]
Expand Down

0 comments on commit ff28f39

Please sign in to comment.