Added Bandir, Radon metrics and PyLint checking.
74
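--- a/.github/workflows/StaticApplicationSecurityTesting.yml
+++ b/.github/workflows/StaticApplicationSecurityTesting.yml
@@ -0,0 +1,74 @@
+# ==================================================================================================================== #
+# Authors: #
+# Patrick Lehmann #
+# #
+# ==================================================================================================================== #
+# Copyright 2025-2025 The pyTooling Authors #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+# #
+# SPDX-License-Identifier: Apache-2.0 #
+# ==================================================================================================================== #
+name: Security Testing (SAST)
+
+on:
+  workflow_call:
+    inputs:
+      ubuntu_image_version:
+        description: 'Ubuntu image version.'
+        required: false
+        default: '24.04'
+        type: string
+      python_version:
+        description: 'Python version.'
+        required: false
+        default: '3.13'
+        type: string
+      # requirements:
+      #   description: 'Python dependencies to be installed through pip.'
+      #   required: false
+      #   default: 'bandit'
+      #   type: string
+      package_directory:
+        description: '.'
+        required: true
+        type: string
+      artifact:
+        description: 'Name of the package artifact.'
+        required: true
+        type: string
+
+jobs:
+  Bandit:
+    name: 🚨 Security Scanning
+    runs-on: "ubuntu-${{ inputs.ubuntu_image_version }}"
+
+    steps:
+      - name: ⏬ Checkout repository
+        uses: actions/checkout@v5
+        with:
+          lfs: true
+          submodules: true
+
+      - name: 🐍 Setup Python ${{ inputs.python_version }}
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ inputs.python_version }}
+
+      - name: ⚙ Install dependencies for packaging and release
+        run: python -m pip install --disable-pip-version-check bandit
+
+      - name: 👮 Bandit
+        if: inputs.artifact != ''
+        run: |
+          bandit -c pyproject.toml -r ${{ inputs.package_directory }} -f xml -o report/bandit/report.xml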
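Review bot: The Bandit step writes to `report/bandit/report.xml` but nothing creates `report/bandit` first, and as far as I can tell bandit does not create parent directories, so the step fails before any findings are recorded; the report is also never uploaded, so even a successful run leaves the caller nothing to consume. The same `run:` line splices `${{ inputs.package_directory }}` straight into the shell, which GitHub's hardening guidance treats as script injection even for `workflow_call` inputs — pass it through `env:` and quote it instead. The workflow declares no `permissions:`, so a top-level `permissions: contents: read` would limit the job to what checkout needs. Finally, `inputs.artifact` is `required: true` yet only appears in the `if:` guard and is never downloaded, and the step named `⚙ Install dependencies for packaging and release` installs only bandit, so either download the artifact or drop the input, and rename the step to `⚙ Install Bandit`.
```yaml
      - name: 👮 Bandit
        if: inputs.artifact != ''
        env:
          PACKAGE_DIRECTORY: ${{ inputs.package_directory }}
        run: |
          mkdir -p report/bandit
          bandit -c pyproject.toml -r "$PACKAGE_DIRECTORY" -f xml -o report/bandit/report.xml

      - name: 📤 Upload Bandit report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-report
          path: report/bandit/report.xml
```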