added github workflow

Author: Jannis-Mittenzwei

.github/workflows/checks.yml

@@ -120,6 +120,24 @@ jobs:
           path: .security.json
           include-hidden-files: true
 
+  Vulnerabilities:
+    name: Package Vulnerabilities Checks (Python-${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: ./.github/actions/python-environment
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run Package vulnerabilities Check
+        run: poetry run nox -s dependency:audit
+
   Format:
     name: Format Check
     runs-on: ubuntu-latest

exasol/toolbox/nox/_dependencies.py

@@ -212,10 +212,20 @@ def _normalize_package_name(name: str) -> str:
     return template.format(heading=heading(), rows=rows)
 
 
+def _audit(session: Session) -> None:
+    session.run("poetry", "run", "pip-audit")
+
+
 @nox.session(name="dependency:licenses", python=False)
 def dependency_licenses(session: Session) -> None:
     """returns the packages and their licenses"""
     toml = Path("pyproject.toml")
     dependencies = _dependencies(toml.read_text())
     package_infos = _licenses()
     print(_packages_to_markdown(dependencies=dependencies, packages=package_infos))
+
+
+@nox.session(name="dependency:audit", python=False)
+def audit(session: Session) -> None:
+    """Runs the audit for packages regard known vulnerabilities"""
+    _audit(session)

exasol/toolbox/nox/_lint.py

@@ -130,10 +130,6 @@ def report_illegal(illegal: dict[str, list[str]], console: rich.console.Console)
         console.print("")
 
 
-def _audit(session: Session) -> None:
-    session.run("poetry", "run", "pip-audit")
-
-
 @nox.session(name="lint:code", python=False)
 def lint(session: Session) -> None:
     "Runs the static code analyzer on the project"
@@ -195,9 +191,3 @@ def import_lint(session: Session) -> None:
             "Please make sure you have a configuration file for the importlinter"
         )
     _import_lint(session=session, path=path)
-
-
-@nox.session(name="project:audit", python=False)
-def audit(session: Session) -> None:
-    """Runs the audit for packages regard known vulnerabilities"""
-    _audit(session)

exasol/toolbox/nox/tasks.py

@@ -53,7 +53,6 @@ def check(session: Session) -> None:
     _type_check,
     lint,
     type_check,
-    audit
 )
 from exasol.toolbox.nox._documentation import (
     build_docs,
@@ -82,6 +81,7 @@ def check(session: Session) -> None:
 
 from exasol.toolbox.nox._dependencies import (
     dependency_licenses,
+    audit
 )
 
 # isort: on

exasol/toolbox/templates/github/workflows/checks.yml

@@ -126,6 +126,24 @@ jobs:
           path: .security.json
           include-hidden-files: true
 
+  Vulnerabilities:
+    name: Package Vulnerabilities Checks (Python-${{ matrix.python-version }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: ./.github/actions/python-environment
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run Package vulnerabilities Check
+        run: poetry run nox -s dependency:audit
+
   Format:
     name: Format Check
     runs-on: ubuntu-latest