Merge 4087eca into f249b88

netromdk · Jul 9, 2023 · 0bd7afd · 0bd7afd
2 parents f249b88 + 4087eca
commit 0bd7afd
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 2 deletions.
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
@@ -8,6 +8,9 @@ on:
       - dev
     paths:
       - .github/workflows/semgrep.yml
+  # Run every sunday at 3:12.
+  schedule:
+    - cron: '12 3 * * 6'
 jobs:
   semgrep:
     name: semgrep/ci
@@ -19,4 +22,5 @@ jobs:
     if: (github.actor != 'dependabot[bot]')
     steps:
       - uses: actions/checkout@v3
-      - run: semgrep ci
+        # It takes some time to scan "vermin/rules.py". More than the default 30s timeout.
+      - run: semgrep ci --timeout 60 --verbose
diff --git a/.semgrepignore b/.semgrepignore
@@ -0,0 +1,7 @@
+.semgrep
+.semgrep_logs/
+.venv/
+.hypothesis/
+build/
+dist/
+examples/
diff --git a/Makefile b/Makefile
@@ -69,6 +69,9 @@ check-unused:
 security-check:
 	bandit -r -s B101 ${MODULES}
 
+semgrep:
+	semgrep ci --timeout 60 --verbose
+
 lint:
 	pylint -j 0 --disable=C0103,C0114,C0115,C0116,C0209,C0302,W0201,W0311,W0621,W0703,R0801,R0902,R0903,R0904,R0911,R0912,R0913,R0914,R0915,R0916,R1702,E1136\
 		${TOP_LEVEL_FILES}

diff --git a/misc/.analysis-requirements.txt b/misc/.analysis-requirements.txt
@@ -1,21 +1,33 @@
 astroid==2.15.5
+attrs==23.1.0
 bandit==1.7.5
+boltons==21.0.0
+bracex==2.3.post1
 build==0.10.0
 certifi==2023.5.7
 charset-normalizer==3.1.0
+click==8.1.4
+click-option-group==0.5.6
+colorama==0.4.6
+defusedxml==0.7.1
 dill==0.3.6
 docutils==0.20.1
+face==22.0.0
 flake8==6.0.0
 gitdb==4.0.10
 GitPython==3.1.31
+glom==22.1.0
 idna==3.4
 isort==5.12.0
+jsonschema==4.18.0
+jsonschema-specifications==2023.6.1
 lazy-object-proxy==1.9.0
 markdown-it-py==3.0.0
 mccabe==0.7.0
 mdurl==0.1.2
 packaging==23.1
 pbr==5.11.1
+peewee==3.16.2
 pep517==0.13.0
 platformdirs==3.5.3
 pycodestyle==2.10.0
@@ -25,16 +37,25 @@ pylint==2.17.4
 pyparsing==3.0.9
 pyproject_hooks==1.0.0
 pyroma==4.2
+python-lsp-jsonrpc==1.0.0
 PyYAML==6.0
+referencing==0.29.1
 requests==2.31.0
 rich==13.4.2
+rpds-py==0.8.10
+ruamel.yaml==0.17.32
+ruamel.yaml.clib==0.2.7
+semgrep==1.31.1
 six==1.16.0
 smmap==5.0.0
 stevedore==5.1.0
 toml==0.10.2
 tomli==2.0.1
 tomlkit==0.11.8
 trove-classifiers==2023.5.24
-urllib3==2.0.3
+typing_extensions==4.7.1
+ujson==5.8.0
+urllib3==1.26.16
 vulture==2.7
+wcmatch==8.4.1
 wrapt==1.15.0