This GitHub Action helps you find known security vulnerabilities in your Python application.
You can use it in a workflow to continuously check for known security vulnerabilities. It uses the Python package safety, which checks your dependencies against the Safety DB.
Example configuration:

```yaml
name: Python safety check
on:
  push:
    branches:
      - master
env:
  DEP_PATH: src/requirements.txt
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Check out master
        uses: actions/checkout@master
      - name: Security vulnerabilities scan
        uses: aufdenpunkt/python-safety-check@master
```
To tell the script where your requirements.txt file is located, set the DEP_PATH environment variable. By default, the script looks for a requirements.txt file in the root of the repository. See the example above.
The safety_args parameter is useful if you want to pass additional arguments to the safety command. In the example below, I want to ignore a specific known issue, but you can pass any argument listed in the safety documentation.
Example:

```yaml
- name: Security vulnerabilities scan
  uses: aufdenpunkt/python-safety-check@master
  with:
    safety_args: '-i 35015'
```
If you want to check only the packages defined in your requirements.txt, set the scan_requirements_file_only parameter to 'true'.
Example:

```yaml
- name: Security vulnerabilities scan
  uses: aufdenpunkt/python-safety-check@master
  with:
    scan_requirements_file_only: 'true'
```
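As an added example that is not part of the action's own README, here is a complete workflow combining the three options documented above (DEP_PATH, safety_args and scan_requirements_file_only). The workflow file name, the pull_request trigger and the app/requirements.txt path are assumptions; the ignored id 35015 is the one used in the example above.

```yaml
# Assumed location: .github/workflows/safety.yml (added example, not the project's own file)
name: Python safety check
on:
  push:
    branches:
      - master
  pull_request:  # assumed: also scan proposed dependency changes before they are merged
env:
  # The requirements file is not in the repository root (assumed path).
  DEP_PATH: app/requirements.txt
jobs:
  safety:
    runs-on: ubuntu-latest
    steps:
      - name: Check out source
        uses: actions/checkout@master
      - name: Security vulnerabilities scan
        uses: aufdenpunkt/python-safety-check@master
        with:
          # Report only issues in the packages pinned in DEP_PATH,
          # not in whatever else happens to be installed on the runner.
          scan_requirements_file_only: 'true'
          # Ignore Safety DB id 35015 (the id from the README example).
          # Keep a comment next to every ignored id saying why it is
          # accepted, so the exception can be reviewed and removed later.
          safety_args: '-i 35015'
```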
See the full instructions in Configuring and managing workflows.
For help editing the YAML file, see Workflow syntax for GitHub Actions.