chore: Use pip audit to scan for vulnerabilities

clareliguori · clareliguori · commit 978e52ac4204 · 2025-04-21T16:54:20.000-07:00
diff --git a/.github/workflows/cdk-checks.yml b/.github/workflows/cdk-checks.yml
@@ -27,6 +27,10 @@ jobs:
         run: pip install -r requirements.txt
         working-directory: ./examples/servers/time
 
+      - uses: pypa/gh-action-pip-audit@v1.1.0
+        with:
+          inputs: ./examples/servers/time/requirements.txt
+
       - name: Synthesize CDK stack
         run: cdk synth --app 'python3 cdk_stack.py'
         working-directory: ./examples/servers/time
diff --git a/.github/workflows/python-checks.yml b/.github/workflows/python-checks.yml
@@ -24,6 +24,10 @@ jobs:
         run: uv sync --frozen --all-extras --dev
         working-directory: ./src/python
 
+      - uses: pypa/gh-action-pip-audit@v1.1.0
+        with:
+          inputs: ./src/python
+
       - name: Build
         run: uv build
         working-directory: ./src/python
