Skip to content

CVE Scanning for Python #519

CVE Scanning for Python

CVE Scanning for Python #519

name: CVE Scanning for Python
on:
schedule:
- cron: '0 8,18 * * 1-5'
pull_request:
paths:
- 'pyproject.toml'
- '.safety-policy.yml'
- '.github/workflows/cve-scanning-python.yml'
env:
PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring
jobs:
scan:
name: Build and test App
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- uses: abatilo/actions-poetry@192395c0d10c082a7c62294ab5d9a9de40e48974
with:
poetry-version: "1.2.2"
- name: Install safety
run: pip3 install safety
- name: Build app
run: poetry build
- name: Test app
run: |
poetry install
- name: Scan CVEs
run: poetry export --without-hashes -f requirements.txt | safety check --full-report --stdin
# Without poetry, use this command instead
# run: safety check -r requirements.txt --full-report --policy-file safety-policy.yml