-
Notifications
You must be signed in to change notification settings - Fork 41
37 lines (34 loc) · 1.02 KB
/
cve-scanning-python.yml
File metadata and controls
37 lines (34 loc) · 1.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
name: CVE Scanning for Python
on:
schedule:
- cron: '0 8,18 * * 1-5'
pull_request:
paths:
- 'pyproject.toml'
- '.safety-policy.yml'
- '.github/workflows/cve-scanning-python.yml'
env:
PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring
jobs:
scan:
name: Build and test App
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- uses: abatilo/actions-poetry@192395c0d10c082a7c62294ab5d9a9de40e48974
with:
poetry-version: "2.0.0"
- name: Install safety
run: pip3 install safety
- name: Build app
run: poetry build
- name: Test app
run: |
poetry install
- name: Scan CVEs
run: poetry export --without-hashes -f requirements.txt | safety check --full-report --stdin
# Without poetry, use this command instead
# run: safety check -r requirements.txt --full-report --policy-file safety-policy.yml