Malin/krawl.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enhance Bandit security check to enforce HIGH severity issue detection

Browse Source
This commit is contained in:
Lorenzo Venerandi
2026-01-22 11:20:46 +01:00
parent bea9489a12
commit dcfdb23b0c
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/security-scan.yml vendored
View File

@@ -30,8 +30,16 @@ jobs:
- name: Bandit security check - name: Bandit security check
run: | run: |
bandit -r src/ -f json -o bandit-report.json || true bandit -r src/ -f json -o bandit-report.json
bandit -r src/ -f txt bandit -r src/ -f txt
# Check for HIGH severity issues only
HIGH_COUNT=$(python3 -c "import json; data=json.load(open('bandit-report.json')); print(len([i for i in data['results'] if i['severity'] == 'HIGH']))")
if [ "$HIGH_COUNT" -gt 0 ]; then
echo "Found $HIGH_COUNT HIGH severity security issues"
exit 1
fi
echo "No HIGH severity security issues found (LOW/MEDIUM are acceptable)"
- name: Safety check for dependencies - name: Safety check for dependencies
run: safety check --json || true run: safety check --json || true