embedding-buddy/.gitea/workflows/security.yml
Austin Godber c9c2c0ef39
minor ci fixes
2025-08-13 20:44:48 -07:00


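# Security Scan workflow: static analysis of the source tree (bandit) plus
# vulnerability audits of the locked dependency set (safety, pip-audit).
# Every scan step is report-only (continue-on-error: true), so findings are
# surfaced through the uploaded artifacts rather than by failing the run.
name: Security Scan

# Least privilege: nothing in these jobs writes to the repository, so the
# workflow token only needs read access to the contents.
permissions:
  contents: read

on:
  push:
    branches: ["main", "master", "develop"]
  pull_request:
    branches: ["main", "master"]
  schedule:
    # Run security scan weekly on Sundays at 2 AM UTC (cron is evaluated in UTC)
    - cron: '0 2 * * 0'

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes back to the repo, so do not leave the token in
          # .git/config where later steps (and the scanned tools) could read it.
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          version: "latest"

      - name: Set up Python
        run: uv python install 3.11

      - name: Install dependencies
        # --locked fails the step if uv.lock is out of date with pyproject.toml,
        # so the audits below cover exactly the committed lock, nothing freshly
        # resolved on the runner.
        run: uv sync --locked

      - name: Export locked dependency set
        # A plain pinned requirements list for the auditors; the project itself
        # is left out so only third-party packages are audited.
        run: uv export --format requirements-txt --no-hashes --no-emit-project -o requirements-lock.txt

      - name: Run bandit security linter
        # uvx runs bandit in an isolated tool environment. The previous
        # `uv add bandit[toml]` rewrote pyproject.toml/uv.lock in the CI
        # checkout and mixed the scanner's own dependencies into the audited set.
        run: uvx --from 'bandit[toml]' bandit -r src/ -f json -o bandit-report.json
        continue-on-error: true

      - name: Run safety vulnerability check
        # Audits the exported pins rather than whatever happens to be installed
        # in the tool environment.
        run: uvx safety check -r requirements-lock.txt --json --save-json safety-report.json
        continue-on-error: true

      - name: Upload security reports
        # NOTE(review): this job pins upload-artifact@v3 while dependency-check
        # below pins @v4; align the two once the runner's artifact support for
        # v4 is confirmed. Pinning actions to a commit SHA instead of a major
        # tag is the stronger supply-chain posture.
        uses: actions/upload-artifact@v3
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json

  dependency-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v3
        with:
          version: "latest"

      - name: Set up Python
        run: uv python install 3.11

      - name: Check for dependency vulnerabilities
        # pip-audit reads the exported pins directly: --no-deps skips resolution
        # (the export is already fully pinned) and --disable-pip means it does
        # not need pip inside the uv-managed environment. As with bandit above,
        # running it via uvx avoids mutating uv.lock during the scan.
        run: |
          uv sync --locked
          uv export --format requirements-txt --no-hashes --no-emit-project -o requirements-lock.txt
          uvx pip-audit --disable-pip --no-deps -r requirements-lock.txt --format=json --output=pip-audit-report.json
        continue-on-error: true

      - name: Upload dependency audit report
        uses: actions/upload-artifact@v4
        with:
          name: dependency-audit
          path: pip-audit-report.json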