
chore(deps): bump requests from 2.32.5 to 2.33.0 in /docs #446


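# Security scanning workflow: static analysis of the package (Bandit) plus
# dependency vulnerability audits of the dev lock file (Safety, pip-audit).
# All reports are uploaded as artifacts; the last step turns findings into a
# failed job.
name: Security Scan

# yamllint disable-line rule:truthy
on:
  push:
    branches: ['**']
  pull_request:
    branches: ['**']
  schedule:
    - cron: '0 0 * * 1'  # Weekly on Monday, 00:00 UTC

# Least privilege: nothing in this job pushes, comments or writes check
# results, so a read-only GITHUB_TOKEN is sufficient for checkout and
# artifact upload.
permissions:
  contents: read

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by major tag; pinning to a
      # commit SHA would make the workflow itself immune to tag moves.
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y libhdf5-dev pkg-config

      # NOTE(review): the scanners are installed unpinned, so two runs on the
      # same commit can use different tool versions and report differently.
      - name: Install security tools
        run: |
          python -m pip install --upgrade pip wheel
          pip install bandit[toml] safety pip-audit

      # Every scanner below exits non-zero when it finds something. `run`
      # steps use `bash -e`, so without `|| true` the first finding would
      # abort the step and the remaining report formats would never be
      # written; `continue-on-error` only keeps the job alive afterwards.
      - name: Run Bandit security scan
        run: |
          mkdir -p security-results
          bandit -r solarwindpy -ll -f json -o security-results/bandit-report.json || true
          bandit -r solarwindpy -ll -f txt -o security-results/bandit-report.txt || true
          bandit -r solarwindpy -ll || true  # Display to console
        continue-on-error: true

      # NOTE(review): recent Safety releases deprecate `safety check` in
      # favour of `safety scan`; confirm against the installed version
      # before switching, as the output format differs.
      - name: Run Safety check
        run: |
          # Install pytables separately with verbose output for debugging
          pip install --verbose tables
          pip install -r requirements-dev.lock
          safety check --requirement requirements-dev.lock --json > security-results/safety-report.json || true
          safety check --requirement requirements-dev.lock --output text > security-results/safety-report.txt || true
          safety check --requirement requirements-dev.lock || true  # Display to console
        continue-on-error: true

      - name: Run pip-audit
        run: |
          pip-audit --requirement requirements-dev.lock --format json > security-results/pip-audit-report.json || true
          pip-audit --requirement requirements-dev.lock --format text > security-results/pip-audit-report.txt || true
          pip-audit --requirement requirements-dev.lock || true  # Display to console
        continue-on-error: true

      # Upload before the gate below so the reports are available even when
      # the job is failed by it.
      - name: Upload security reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-reports-${{ github.run_id }}
          path: security-results/
          retention-days: 90

      # Gate: fail on HIGH-severity Bandit findings or on any known
      # vulnerability reported by pip-audit. Previously only the Bandit
      # report was parsed, so dependency findings never failed the job.
      # A heredoc is used instead of `python -c "..."` so that quotes in the
      # script cannot break the shell quoting.
      - name: Check for critical vulnerabilities
        run: |
          python - <<'EOF'
          import json
          import sys

          critical = False

          def load(path):
              """Return the parsed JSON report at `path`, or None if it is missing or malformed."""
              try:
                  with open(path) as f:
                      return json.load(f)
              except Exception as e:  # an unreadable report is logged, not treated as a finding
                  print(f'Could not parse {path}: {e}')
                  return None

          # Bandit JSON: top-level `results`, each with `issue_severity`.
          bandit = load('security-results/bandit-report.json')
          if bandit is not None:
              high_severity = [r for r in bandit.get('results', [])
                               if r.get('issue_severity') == 'HIGH']
              if high_severity:
                  print(f'Found {len(high_severity)} high severity issues in Bandit scan')
                  critical = True

          # pip-audit JSON: top-level `dependencies`, each with a `vulns` list
          # (empty when the package has no known vulnerability).
          audit = load('security-results/pip-audit-report.json')
          if audit is not None:
              vulnerable = [d for d in audit.get('dependencies', []) if d.get('vulns')]
              if vulnerable:
                  print(f'Found {len(vulnerable)} vulnerable packages in pip-audit scan')
                  critical = True

          sys.exit(1 if critical else 0)
          EOF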