forked from PyCQA/bandit
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into feat/add-httpx-to-B113
- Loading branch information
Showing
63 changed files
with
1,083 additions
and
192 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
custom: ["https://psfmember.org/civicrm/contribute/transact/?reset=1&id=42"] | ||
github: [ericwb] | ||
tidelift: pypi/bandit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
name: Build and Publish Bandit Images | ||
|
||
on: | ||
release: | ||
types: [created] | ||
schedule: | ||
- cron: '0 0 * * 0' # Every Sunday at midnight | ||
workflow_dispatch: | ||
|
||
jobs: | ||
build-and-publish: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: write | ||
id-token: write | ||
|
||
steps: | ||
|
||
- name: Get latest release tag | ||
if: github.event_name != 'release' | ||
id: get-latest-tag | ||
run: | | ||
TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .tag_name) | ||
echo "Latest tag is $TAG" | ||
echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV | ||
- name: Check out the repo | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | ||
with: | ||
ref: ${{ github.event_name == 'release' && github.ref || env.RELEASE_TAG }} | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3 | ||
|
||
- name: Log in to GitHub Container Registry | ||
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Install Cosign | ||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 | ||
with: | ||
cosign-release: 'v2.2.2' | ||
|
||
- name: Downcase github.repository value | ||
run: | | ||
echo "IMAGE_NAME=`echo ${{github.repository}} | tr '[:upper:]' '[:lower:]'`" >>${GITHUB_ENV} | ||
- name: Build and push Docker image | ||
id: build-and-push | ||
uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6 | ||
with: | ||
context: . | ||
file: ./docker/Dockerfile | ||
push: true | ||
tags: ghcr.io/${{ env.IMAGE_NAME }}/bandit:latest | ||
platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v8 | ||
|
||
- name: Sign the image | ||
env: | ||
TAGS: ghcr.io/${{ env.IMAGE_NAME }}/bandit:latest | ||
DIGEST: ${{ steps.build-and-push.outputs.digest }} | ||
run: | | ||
echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Security Policy | ||
|
||
Bandit is a tool designed to find security issues, so every effort is made that Bandit itself is also | ||
free of those issues. However, if you believe you have found a security vulnerability in this repository | ||
please open it privately via the [Report a security vulnerability](https://github.com/PyCQA/bandit/security/advisories/new) link in the Issues tab. | ||
|
||
**Please do not report security vulnerabilities through public issues, discussions, or pull requests.** | ||
|
||
Please also inform the [Tidelift security](https://tidelift.com/security). Tidelift will help coordinate the fix and disclosure. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.