-
Notifications
You must be signed in to change notification settings - Fork 5
40 lines (37 loc) · 1.15 KB
/
cve-scanning-python.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: CVE Scanning for Python
on:
schedule:
- cron: '0 8,18 * * 1-5'
push:
paths:
- 'python/pyproject.toml'
- 'python/safety-policy.yml'
- '.github/workflows/cve-scanning-python.yml'
env:
PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring
jobs:
scan:
name: Build and test App
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- uses: abatilo/actions-poetry@437d4fa27baf74d89b789ba2d8cae97dd2365feb
with:
poetry-version: "1.2.2"
- name: Install safety
run: pip3 install safety
- name: Build app
run: poetry build
working-directory: python
- name: Test app
run: |
poetry install
working-directory: python
- name: Scan CVEs
run: poetry export --without-hashes -f requirements.txt | safety check --full-report --stdin --policy-file safety-policy.yml
# Without poetry, use this command instead
# run: safety check -r requirements.txt --full-report --policy-file safety-policy.yml
working-directory: python