change actions/checkout to v4, python to v5, add bandit for common s… #63
Changes made
- Changed actions/checkout from v3 to v4 to make sure the environment is kept up to date
- Changed actions/setup-python from v4 to v5 to make sure the environment is kept up to date
- Gave one more line each to make sure the pipeline lines on CI are more readable
Additions
- Added Bandit for GitHub Actions to find common security issues in Python code before it reaches production. Currently learning the tool and will try to figure out how I can make it fail if certain levels of security vulnerabilities (i.e. high) are found.
Future plans
- Adding Safety for vulnerability scanning in packages; however, depending on the plan used, it can go up to $30 per month per developer.
- Encompassing the Bandit scan to stop the CI as soon as a certain severity level and confidence for a vulnerability is found (such as high severity, high confidence).
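As an added example that is not part of this PR, the following workflow shows one way to implement the "fail on high severity, high confidence" plan above with the pinned action versions this PR introduces. It assumes Bandit is installed from PyPI rather than via a marketplace action; the workflow name, trigger and Python version are placeholder choices.

```yaml
# Example workflow (not from this PR): run Bandit in CI and fail the job
# only when a HIGH severity, HIGH confidence finding is reported.
name: bandit-scan            # placeholder name
on: [push, pull_request]     # placeholder trigger

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4          # version introduced by this PR
      - uses: actions/setup-python@v5      # version introduced by this PR
        with:
          python-version: "3.12"           # placeholder version

      - name: Install Bandit
        run: python -m pip install --upgrade pip bandit

      - name: Run Bandit (HIGH severity, HIGH confidence only)
        # -lll  : each -l raises the minimum severity reported (LOW -> MEDIUM -> HIGH)
        # -iii  : each -i raises the minimum confidence reported (LOW -> MEDIUM -> HIGH)
        # Bandit exits non-zero when any finding passes both filters,
        # which fails this step and therefore stops the pipeline.
        run: bandit -r . -lll -iii
```

Dropping one `l` or `i` widens the gate to MEDIUM and above; adding `-f json -o bandit.json` alongside keeps a machine-readable report as a build artifact without changing the exit status.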