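---
# Software-composition analysis workflow: runs pip-audit against the
# repository's Pipfile.lock on pushes to main/develop and on pull requests
# targeting main.
name: SCA - pip-audit

on:  # yamllint disable-line rule:truthy -- Actions requires the literal `on` key
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  pip-audit:
    runs-on: ubuntu-latest
    steps:
      - name: Install system deps
        run: apt-get update -qq && apt-get install -y git -qq

      # The repository is cloned by hand. The token and the expression values
      # are passed through the step environment rather than expanded inside
      # the script text, so the script never carries the secret literally and
      # untrusted-looking values are not spliced into shell syntax. After the
      # checkout the credential is removed from the remote URL so it does not
      # persist on disk in repo/.git/config for later steps.
      - name: Checkout code
        env:
          CLONE_TOKEN: ${{ secrets.GITEA_TOKEN }}
          REPOSITORY: ${{ gitea.repository }}
          TARGET_SHA: ${{ gitea.sha }}
        run: |
          rm -rf repo
          git clone "https://oauth2:${CLONE_TOKEN}@git.akarkode.com/${REPOSITORY}.git" repo
          cd repo
          git checkout "${TARGET_SHA}"
          git remote set-url origin "https://git.akarkode.com/${REPOSITORY}.git"

      # TODO(review): pin the scanner (pip-audit==<PINNED_VERSION>) so the
      # audit tool itself is not an unpinned supply-chain input.
      - name: Install pip-audit
        run: pip install pip-audit

      # Informational pass: prints every finding but never fails the job here.
      # The gating decision is made by the next step.
      - name: Run pip-audit scan
        run: pip-audit -r repo/Pipfile.lock || true

      # Gating pass. NOTE(review): confirm that the installed pip-audit release
      # accepts `--severity` / `--fail-on-severity` and can read a Pipfile.lock
      # through `-r`; if either is unsupported this step errors out on every
      # run regardless of findings, while the previous step masks it with
      # `|| true`.
      - name: Fail on HIGH/CRITICAL
        run: pip-audit -r repo/Pipfile.lock --severity high --fail-on-severity high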