File tree 1 file changed +48
-0
lines changed 1 file changed +48
-0
lines changed Original file line number Diff line number Diff line change 1+ name : Bandit Security Scan
2+
3+ on :
4+ push :
5+ branches : [ "main" ]
6+ pull_request :
7+ # The branches below must be a subset of the branches above
8+ branches : [ "main" ]
9+ schedule :
10+ - cron : '30 3 * * *'
11+
12+ permissions :
13+ contents : read
14+
15+ jobs :
16+ bandit - security - scan :
17+ permissions :
18+ contents : read # for actions/checkout to fetch code
19+ security - events : write # for github/codeql-action/upload-sarif to upload SARIF results
20+ actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
21+ name : Bandit Security Scan
22+ runs - on : ubuntu - latest
23+ steps :
24+ # Checkout the repository to the GitHub Actions runner
25+ - name : Checkout code
26+ uses : actions / checkout @v4
27+
28+ - name : Set up Python
29+ uses : actions / setup - python @v5
30+ with :
31+ python - version : 3.12
32+
33+ - name : Install dependencies
34+ run : |
35+ python - m pip install - - upgrade pip
36+ python - m pip install bandit [sarif ]
37+ pip install .[all ] - v
38+
39+ # Execute Bandit
40+ - name : Run Bandit CLI
41+ run : |
42+ bandit - r . - v - - format sarif - o results .sarif
43+
44+ # Upload the SARIF file generated in the previous step
45+ - name : Upload SARIF results file
46+ uses : github / codeql - action / upload - sarif @v3
47+ with
48+ sarif_file : results .sarif
You can’t perform that action at this time.
0 commit comments