Adding dependency vulnerability scanning to the CI process (#345)

Adding dependency scanning for CI

Co-authored-by: dvora-h <67596500+dvora-h@users.noreply.github.com>
This commit is contained in:
Chayim 2022-10-18 14:55:58 +03:00 committed by GitHub
parent c16895c445
commit 1221efd2c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -14,9 +14,31 @@ on:
schedule:
- cron: '0 6 * * *' # Daily 6AM UTC build
env:
pythonversion: 3.9
jobs:
dependency-audit:
name: Dependency audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: install python
uses: actions/setup-python@v3.1.2
with:
python-version: ${{env.pythonversion}}
- name: create local poetry install
run: |
python -m venv .venv
source .venv/bin/activate
python -m pip install poetry
poetry install
- uses: trailofbits/gh-action-pip-audit@v1.0.0
with:
virtual-environment: .venv
lint:
name: Linter
runs-on: ubuntu-latest
@ -27,7 +49,7 @@ jobs:
- name: Setup Python 3.9
uses: actions/setup-python@v4.3.0
with:
python-version: 3.9
python-version: ${{env.pythonversion}}
#----------------------------------------------
# ----- install & configure poetry -----
#----------------------------------------------