Commit 220e773

Merge pull request #4 from AmberJBlue/update-security-scans
Update Security Scan
2 parents 2889a72 + 07eb92b commit 220e773

2 files changed

+9
-7
lines changed

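--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -86,10 +86,16 @@ jobs:
 source .venv/bin/activate
 pip install -e ".[dev]"
 
-- name: Run Bandit Security Scan
+- name: Install Bandit
 run: |
 source .venv/bin/activate
-bandit -r . --configfile pyproject.toml --format sarif -o results.sarif
+pip install bandit[sarif]
+
+- name: Run Bandit Security Scan
+uses: PyCQA/bandit-action@v1
+with:
+targets: "."
+exclude: "tests"
 
 - name: Upload SARIF results to Security tab
 if: github.ref == 'refs/heads/main'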
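Review bot: The new `uses: PyCQA/bandit-action@v1` step references a third-party action by a movable tag, so whatever that tag points to later runs inside this security job; pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: PyCQA/bandit-action@<full-commit-sha>  # v1`. The added `pip install bandit[sarif]` also drops the `~=1.7.7` bound that the pyproject.toml section removes, so the scanner version and its findings can shift between runs; quote and bound it, e.g. `pip install "bandit[sarif]~=1.7.7"`, or drop the step if the action turns out to install its own Bandit. The old command wrote `results.sarif` explicitly, while nothing visible in the new step names an output file, so confirm the following upload step still finds the report. The job's start and its permissions are outside this hunk.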

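--- a/pyproject.toml
+++ b/pyproject.toml
@@ -48,7 +48,6 @@ dev = [
 "twine==3.4.2",
 "wheel~=0.38.4",
 "xgboost~=3.0.2",
-"bandit[toml,sarif]~=1.7.7"
 ]
 extras = ["aix360[default,tsice,tslime,tssaliency]==0.3.0"]
 
@@ -86,7 +85,4 @@ markers = [
 [tool.setuptools.packages.find]
 where = ["src"]
 
-[tool.setuptools_scm]
-
-[tool.bandit]
-exclude = ["tests"]
+[tool.setuptools_scm]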
