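--- a/PATH-PLACEHOLDER
+++ b/PATH-PLACEHOLDER
@@ -57,3 +57,57 @@
         with:
           sarif_file: 'trivy-results.sarif'
           category: 'trivy-security-scan'
+
+  bandit-scan:
+    name: Bandit
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+      checks: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+
+      - name: Create virtual environment
+        run: |
+          python -m pip install --upgrade pip
+          python -m venv .venv
+
+      - name: Install dependencies
+        run: |
+          source .venv/bin/activate
+          pip install -e ".[dev]"
+
+      - name: Install Bandit
+        run: |
+          source .venv/bin/activate
+          pip install bandit[toml]
+
+      - name: Run Bandit Security Scan
+        uses: PyCQA/bandit-action@v1
+        with:
+          targets: "."
+
+      - name: Upload SARIF results to Security tab
+        if: github.ref == 'refs/heads/main'
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif
+          category: bandit-security-scan
+        continue-on-error: true
+
+      - name: Upload SARIF as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: bandit-sarif-results
+          path: results.sarif
+          retention-days: 30
+        continue-on-error: true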
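Review bot: The three venv steps (Create virtual environment, Install dependencies, Install Bandit) appear not to feed the scan: `PyCQA/bandit-action@v1` runs Bandit itself and no later step activates `.venv`, while `pip install -e ".[dev]"` executes the project's build backend and installs every dev dependency inside a job that holds `security-events: write` — third-party code execution a static scan does not need. Because `.venv` is created inside the checkout and the scan uses `targets: "."`, Bandit will also walk the venv's site-packages and report third-party findings as if they were the project's, so drop those steps (or, if Bandit must run from the venv, exclude `.venv` from the targets and quote the extra as `pip install "bandit[toml]"` so the shell cannot glob it). `checks: write` is not used by any step shown and should be removed under least privilege. Both uploads carry `continue-on-error: true`, so a missing or failed SARIF upload passes silently; a preceding `- run: test -s results.sarif` makes an empty scan visible instead. The enclosing `jobs:` mapping starts outside the hunk.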