Skip to content
Bandit

chore(deps): bump wheel from 0.43.0 to 0.45.1 #35

Sign in to view logs

chore(deps): bump wheel from 0.43.0 to 0.45.1

chore(deps): bump wheel from 0.43.0 to 0.45.1 #35

Workflow file for this run

.github/workflows/bandit.yml at 40903a9
name: Bandit
on:
workflow_dispatch: { }
pull_request:
branches:
- main
permissions:
contents: read
jobs:
analyze:
runs-on: 'ubuntu-latest'
permissions:
security-events: write
actions: read
contents: read
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
with:
egress-policy: audit
- name: Set up Python 3.9
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: 3.12.10
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install Dependencies
shell: bash
run: pip install -r requirements.txt
- name: Run Bandit - Generate SARIF report and check for HIGH severity issues
id: high_severity_check
shell: bash
run: |
# Run Bandit to generate SARIF report
bandit . -r -c ipas_default.config -f sarif -o results.sarif || true
# Check the SARIF report for high severity issues
if grep -q '"SEVERITY.HIGH": [1-9]' results.sarif; then
echo "HIGH severity issues found! Workflow will fail after reporting."
echo "high_severity_issues=true" >> $GITHUB_OUTPUT
else
echo "No HIGH severity issues found!"
fi
- name: Upload SARIF results
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: bandit-results
path: results.sarif
- name: Upload SARIF to GitHub Security tab
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
with:
sarif_file: results.sarif
category: bandit
- name: Fail workflow if HIGH severity issues were found
if: steps.high_severity_check.outputs.high_severity_issues == 'true'
shell: bash
run: |
echo "ERROR: HIGH severity security issues were found by Bandit."
echo "Review the security report and fix all HIGH severity issues before merging."
exit 1