style fix

Signed-off-by: Barabanov <[email protected]>

Author: AlexanderBarabanov

.github/dependabot.yml

@@ -1,17 +1,17 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: /
-    schedule:
-      interval: "weekly"
-    target-branch: "master"
-    groups:
-      github-actions-dependency:
-        applies-to: version-updates
-        patterns:
-          - "*"
-  - package-ecosystem: pip
-    directory: /src/python
-    schedule:
-      interval: weekly
-    target-branch: "master"
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: /
+    schedule:
+      interval: "weekly"
+    target-branch: "master"
+    groups:
+      github-actions-dependency:
+        applies-to: version-updates
+        patterns:
+          - "*"
+  - package-ecosystem: pip
+    directory: /src/python
+    schedule:
+      interval: weekly
+    target-branch: "master"

.github/workflows/codeql.yml

@@ -1,48 +1,48 @@
-name: "CodeQL Scan"
-
-on:
-  push:
-    branches: ["master"]
-  pull_request:
-    branches: ["master"]
-  schedule:
-    - cron: "37 3 * * 0"
-
-permissions: {} # No permissions by default on workflow level
-
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write # required to publish sarif
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - language: actions
-            build-mode: none
-          - language: python
-            build-mode: none
-          - language: c-cpp
-            build-mode: none
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
-        with:
-          languages: ${{ matrix.language }}
-          build-mode: ${{ matrix.build-mode }}
-          queries: security-extended
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
-        with:
-          category: "/language:${{matrix.language}}"
+name: "CodeQL Scan"
+
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    branches: ["master"]
+  schedule:
+    - cron: "37 3 * * 0"
+
+permissions: {} # No permissions by default on workflow level
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # required to publish sarif
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: actions
+            build-mode: none
+          - language: python
+            build-mode: none
+          - language: c-cpp
+            build-mode: none
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          queries: security-extended
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/pre_commit.yml

@@ -82,4 +82,4 @@ jobs:
           severity-level: "LOW"
           confidence-level: "LOW"
           config_file: "src/python/pyproject.toml"
-          fail-on-findings: true
+          fail-on-findings: true

.github/workflows/scorecards.yml

@@ -1,40 +1,40 @@
-name: Scorecards supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  schedule:
-    # Run security checks every day at 2 AM UTC
-    - cron: "0 2 * * *"
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  analysis:
-    name: Scorecards analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard
-      security-events: write
-      # Needed to publish results and get a badge
-      id-token: write
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-
-      - name: Run analysis
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          publish_results: true
-
-      # Upload the results to GitHub's code scanning dashboard
-      - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
-        with:
-          sarif_file: results.sarif
+name: Scorecards supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  schedule:
+    # Run security checks every day at 2 AM UTC
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard
+      security-events: write
+      # Needed to publish results and get a badge
+      id-token: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      # Upload the results to GitHub's code scanning dashboard
+      - name: Upload to code-scanning
+        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        with:
+          sarif_file: results.sarif

.github/workflows/security-scan.yml

@@ -1,83 +1,83 @@
-name: Security Scans
-
-on:
-  schedule:
-    # Run security checks every day at 2 AM UTC
-    - cron: "0 2 * * *"
-  workflow_dispatch:
-  push:
-    branches:
-      - master
-      - release**
-
-permissions: {}
-
-jobs:
-  zizmor-scan:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write # Needed to upload the results to code-scanning dashboard
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-      - name: Run Zizmor scan
-        uses: open-edge-platform/anomalib/.github/actions/security/zizmor@fadfedd5150eb8cd39dfb659ae9bd0eb1c06720d
-        with:
-          scan-scope: "all"
-          severity-level: "LOW"
-          confidence-level: "LOW"
-          fail-on-findings: false # reports only
-
-  bandit-scan:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write # Needed to upload the results to code-scanning dashboard
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-      - name: Run Bandit scan
-        uses: open-edge-platform/anomalib/.github/actions/security/bandit@fadfedd5150eb8cd39dfb659ae9bd0eb1c06720d
-        with:
-          scan-scope: "all"
-          severity-level: "LOW"
-          confidence-level: "LOW"
-          config_file: "src/python/pyproject.toml"
-          fail-on-findings: false # reports only
-
-  trivy-scan:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      security-events: write # Needed to upload the results to code-scanning dashboard
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-        with:
-          python-version: "3.10"
-      - name: Install pip-tools
-        run: python -m pip install pip-tools
-
-      - name: Freeze dependencies
-        run: pip-compile --extra=full -o requirements.txt src/python/pyproject.toml
-
-      - name: Run Trivy scan
-        id: trivy
-        uses: open-edge-platform/anomalib/.github/actions/security/trivy@fadfedd5150eb8cd39dfb659ae9bd0eb1c06720d
-        with:
-          scan_type: "fs"
-          scan-scope: all
-          severity: LOW
-          scanners: "vuln,secret,config"
-          format: "sarif"
-          timeout: "15m"
-          ignore_unfixed: "false"
+name: Security Scans
+
+on:
+  schedule:
+    # Run security checks every day at 2 AM UTC
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - release**
+
+permissions: {}
+
+jobs:
+  zizmor-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write # Needed to upload the results to code-scanning dashboard
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Run Zizmor scan
+        uses: open-edge-platform/anomalib/.github/actions/security/zizmor@fadfedd5150eb8cd39dfb659ae9bd0eb1c06720d
+        with:
+          scan-scope: "all"
+          severity-level: "LOW"
+          confidence-level: "LOW"
+          fail-on-findings: false # reports only
+
+  bandit-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write # Needed to upload the results to code-scanning dashboard
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Run Bandit scan
+        uses: open-edge-platform/anomalib/.github/actions/security/bandit@fadfedd5150eb8cd39dfb659ae9bd0eb1c06720d
+        with:
+          scan-scope: "all"
+          severity-level: "LOW"
+          confidence-level: "LOW"
+          config_file: "src/python/pyproject.toml"
+          fail-on-findings: false # reports only
+
+  trivy-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write # Needed to upload the results to code-scanning dashboard
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Set up Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: "3.10"
+      - name: Install pip-tools
+        run: python -m pip install pip-tools
+
+      - name: Freeze dependencies
+        run: pip-compile --extra=full -o requirements.txt src/python/pyproject.toml
+
+      - name: Run Trivy scan
+        id: trivy
+        uses: open-edge-platform/anomalib/.github/actions/security/trivy@fadfedd5150eb8cd39dfb659ae9bd0eb1c06720d
+        with:
+          scan_type: "fs"
+          scan-scope: all
+          severity: LOW
+          scanners: "vuln,secret,config"
+          format: "sarif"
+          timeout: "15m"
+          ignore_unfixed: "false"

src/python/pyproject.toml

@@ -251,4 +251,4 @@ notice-rgx = """
 [tool.bandit]
 exclude_dirs = ["tests"]
 tests = ["B301","B302","B303","B304","B305","B306","B308","B310","B311","B312","B313","B314","B315","B316","B317","B318","B319","B321","B323","B324","B401","B402","B403","B404","B405","B406","B407","B408","B409","B411","B412","B413"]
-skips = ["B101","B102","B103","B104","B105","B106","B107","B108","B110","B112","B201","B501","B502","B503","B504","B505","B506","B507","B601","B602","B603","B604","B605","B606","B607","B608","B609","B610","B611","B701","B702","B703"]
+skips = ["B101","B102","B103","B104","B105","B106","B107","B108","B110","B112","B201","B501","B502","B503","B504","B505","B506","B507","B601","B602","B603","B604","B605","B606","B607","B608","B609","B610","B611","B701","B702","B703"]