Security: increase security scans and improve related documentation #352

Merged
merged 15 commits into from
Dec 5, 2023

@Guts Guts commented Dec 1, 2023

Related to an end-user who expressed some concerns about QDT security policy, this PR:

  • adds some automated security tests against dependencies (Safety from Pyup) and codebase (bandit)
  • runs them on CI and/or as git hook to enforce appliance
  • adds documentation about security policy

@github-actions github-actions bot added ci-cd Continuous integration and deployment. quality Tests, project resiliency, etc. labels Dec 1, 2023
@Guts Guts marked this pull request as ready for review December 1, 2023 12:13
@github-actions github-actions bot added documentation Improvements or additions to documentation dependencies Project dependencies. labels Dec 1, 2023
@Guts Guts self-assigned this Dec 1, 2023
@Guts Guts requested a review from jmkerloch December 1, 2023 13:08
@github-actions github-actions bot removed the quality Tests, project resiliency, etc. label Dec 4, 2023
@Guts Guts force-pushed the security/increase-security-scans branch 2 times, most recently from c3d9fdb to 9e28307 Compare December 4, 2023 19:09
@jmkerloch jmkerloch left a comment

Nice feature. I'm considering adding this kind of check to more of my projects.

@Guts Guts force-pushed the security/increase-security-scans branch from 9e28307 to 30be55c Compare December 5, 2023 09:03
@Guts Guts enabled auto-merge (squash) December 5, 2023 09:03
@Guts Guts disabled auto-merge December 5, 2023 09:36
@Guts Guts merged commit 9caac78 into main Dec 5, 2023
8 checks passed
@Guts Guts deleted the security/increase-security-scans branch December 5, 2023 09:36
@Guts Guts added tooling Development tooling quality Tests, project resiliency, etc. labels Dec 5, 2023