README.md (16 additions & 0 deletions)
@@ -73,3 +73,19 @@ The following variables are set in the `.env` file created by the pipeline:
73
73
- Ensure that your project contains test files (e.g., `tests.py`) with valid test cases.
74
74
- If you encounter issues with database migrations, verify your database settings in `settings.py`.
75
75
- Review the logs in the GitHub Actions tab for detailed error messages.
76
+
77
+
# Security Gateway Pipeline
78
+
79
+
## Overview
80
+
This pipeline ensures that any critical or high vulnerabilities detected during the CI process will block the release. It also leaves comments in pull requests with details about the vulnerabilities and uploads a report for further analysis.
81
+
82
+
### Key Features
83
+
-**Vulnerability Scanning**: Uses Trivy to scan for critical and high vulnerabilities.
84
+
-**PR Comments**: Automatically adds a comment to the pull request if vulnerabilities are found.
85
+
-**Artifact Upload**: Saves the Trivy report as an artifact for further review.
86
+
-**CodeQL Analysis**: Performs static code analysis using GitHub's CodeQL tool.
87
+
88
+
## Debugging Tips
89
+
- Ensure all package versions in `requirements.txt` exist in PyPI.
90
+
- Review the logs in the GitHub Actions tab for detailed error messages.
91
+
- If no vulnerabilities are found, the pipeline will proceed normally.
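Review bot: the four Key Features bullets are written as `-**Vulnerability Scanning**: ...` with no space after the hyphen, so Markdown will render them as run-on text rather than a list; change each to `- **Vulnerability Scanning**: ...`. The new `# Security Gateway Pipeline` heading is also a second top-level heading appended after the existing Debugging Tips list, so either demote it and its subsections one level or move the section to its own file. In the new Debugging Tips, "Review the logs in the GitHub Actions tab for detailed error messages." repeats the existing bullet at line 75, and "If no vulnerabilities are found, the pipeline will proceed normally." describes expected behaviour rather than a debugging step and belongs in the Overview. Finally, the Overview says critical and high findings block the release but never says how the gate is enforced; document the Trivy severity filter and failing exit code the job uses, whether unfixed findings count, and whether CodeQL results also block, so a reader can tell what a blocked release actually means.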