Merge pull request #1 from davidslusser/test
initial checkin
Showing 2 changed files with 98 additions and 0 deletions.
@@ -1,2 +1,53 @@ | ||
# actions_python_bandit | ||
A Github action for security scanning with bandit. | ||
|
||
|
||
<br/> | ||
|
||
## How to use | ||
In your .github/workflows directory, create a yaml file (such as main.yaml). Add a job for each desired workflow with the `uses` keyword. Use the `with` keyword to pass any desired variables. | ||
|
||
Examples: | ||
|
||
``` | ||
on: [push] | ||
jobs: | ||
bandit: | ||
runs-on: ubuntu-latest | ||
name: "bandit" | ||
steps: | ||
- uses: davidslusser/actions_python_bandit@v1.0.0 | ||
``` | ||
<br/> | ||
|
||
``` | ||
on: [push] | ||
jobs: | ||
bandit: | ||
runs-on: ubuntu-latest | ||
name: "bandit" | ||
steps: | ||
- uses: davidslusser/actions_python_bandit@v1.0.0 | ||
with: | ||
src: "src" | ||
options: "-r" | ||
pip_install_command: "pip install -e .[dev]" | ||
python_version: "3.9" | ||
``` | ||
|
||
<br/> | ||
|
||
## Inputs | ||
- **src:** source directory of code to check (defaults to "`.`") | ||
- **options:** optional flags/parameters used in bandit command (defaults to "`-r`") | ||
- **pip_install_command:** pip install command (defaults to "`pip install bandit`") | ||
- **python_version:** version of python to run workflow with (defaults to "`3.x`") | ||
|
||
|
||
<br/> | ||
|
||
## References | ||
- https://bandit.readthedocs.io/en/latest/ | ||
- https://pypi.org/project/bandit/ |
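Review bot: the second example sets `pip_install_command: "pip install -e .[dev]"`, which replaces the default `pip install bandit` entirely, so bandit is only present on the runner if the project's `dev` extra happens to pull it in; the README should state that a custom install command must still install bandit (for example `pip install bandit -e .[dev]`), and the `pip_install_command` entry under Inputs is the natural place to say so. Minor: tag the two fences as ```yaml so they render with highlighting, and the `<br/>` spacers between sections add nothing in GitHub-rendered markdown.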
@@ -0,0 +1,47 @@ | ||
name: actions_python_bandit | ||
description: Github action for python static type checking with bandit | ||
branding: | ||
icon: 'check-circle' | ||
color: 'green' | ||
inputs: | ||
options: | ||
description: "additional flags/parameters passed to the bandit command" | ||
required: false | ||
type: string | ||
default: "-r" | ||
pip_install_command: | ||
description: "command used to install python dependancies" | ||
required: false | ||
type: string | ||
default: "pip install bandit" | ||
python_version: | ||
description: "version of python to run action with" | ||
required: false | ||
type: string | ||
default: "3.x" | ||
src: | ||
required: false | ||
type: string | ||
default: "." | ||
runs: | ||
using: "composite" | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- name: "Setup Python ${{ inputs.python_version }}" | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: ${{ inputs.python_version }} | ||
|
||
- name: "Show Python Version" | ||
run: python --version | ||
shell: bash | ||
|
||
- name: "Install Python Dependencies" | ||
run: | | ||
python -m pip install --upgrade pip | ||
${{ inputs.pip_install_command }} | ||
shell: bash | ||
|
||
- name: "Run Bandit" | ||
run: "bandit ${{ inputs.src }} ${{ inputs.options }}" | ||
shell: bash |
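Review bot: `run: "bandit ${{ inputs.src }} ${{ inputs.options }}"` in the "Run Bandit" step, and the `${{ inputs.pip_install_command }}` line in the install step, expand workflow inputs directly into the bash script, so a value containing shell metacharacters is executed verbatim; the usual mitigation is to bind each input to an environment variable in an `env:` block and reference it as `"$SRC"` / `$OPTIONS` in the script, which matters as soon as a calling workflow forwards untrusted data (a PR title or branch name) into these inputs. `pip_install_command` is by design a full shell command, so its `description` should at least say that it is run as-is. Also: the top-level `description` says "python static type checking with bandit", but bandit is a security linter, not a type checker; `dependancies` should be `dependencies`; and the `src` input has no `description`, unlike the other three. Consider pinning `actions/checkout` and `actions/setup-python` to full commit SHAs rather than floating major tags so the action's own dependencies cannot change underneath consumers.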