Merge pull request #1 from davidslusser/test
initial checkin
davidslusser authored Jun 2, 2023
2 parents 8e92b8f + c897554 commit 32825e4
Showing 2 changed files with 98 additions and 0 deletions.
51 changes: 51 additions & 0 deletions README.md
@@ -1,2 +1,53 @@
# actions_python_bandit
A Github action for security scanning with bandit.


<br/>

## How to use
In your .github/workflows directory, create a yaml file (such as main.yaml). Add a job for each desired workflow with the `uses` keyword. Use the `with` keyword to pass any desired variables.

Examples:

```
on: [push]
jobs:
bandit:
runs-on: ubuntu-latest
name: "bandit"
steps:
- uses: davidslusser/actions_python_bandit@v1.0.0
```
<br/>

```
on: [push]
jobs:
bandit:
runs-on: ubuntu-latest
name: "bandit"
steps:
- uses: davidslusser/actions_python_bandit@v1.0.0
with:
src: "src"
options: "-r"
pip_install_command: "pip install -e .[dev]"
python_version: "3.9"
```

<br/>

## Inputs
- **src:** source directory of code to check (defaults to "`.`")
- **options:** optional flags/parameters used in bandit command (defaults to "`-r`")
- **pip_install_command:** pip install command (defaults to "`pip install bandit`")
- **python_version:** version of python to run workflow with (defaults to "`3.x`")


<br/>

## References
- https://bandit.readthedocs.io/en/latest/
- https://pypi.org/project/bandit/
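Review bot: the second example overrides `pip_install_command` with `pip install -e .[dev]`, but the action's "Run Bandit" step simply invokes `bandit`, so unless the project's `dev` extras include bandit that job fails with a command-not-found error; either document that a custom install command must also install bandit, or show `pip install bandit -e .[dev]` in the example. The "How to use" sentence "Add a job for each desired workflow with the `uses` keyword" reads backwards: one workflow file contains a job, and the job's step `uses` the action. The Inputs section should also state that the action performs its own `actions/checkout`, so callers need not add one, and that `src` and `options` are inlined into the bandit command line, so values containing spaces or shell metacharacters need care.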
47 changes: 47 additions & 0 deletions action.yaml
@@ -0,0 +1,47 @@
name: actions_python_bandit
description: Github action for python static type checking with bandit
branding:
icon: 'check-circle'
color: 'green'
inputs:
options:
description: "additional flags/parameters passed to the bandit command"
required: false
type: string
default: "-r"
pip_install_command:
description: "command used to install python dependancies"
required: false
type: string
default: "pip install bandit"
python_version:
description: "version of python to run action with"
required: false
type: string
default: "3.x"
src:
required: false
type: string
default: "."
runs:
using: "composite"
steps:
- uses: actions/checkout@v3
- name: "Setup Python ${{ inputs.python_version }}"
uses: actions/setup-python@v4
with:
python-version: ${{ inputs.python_version }}

- name: "Show Python Version"
run: python --version
shell: bash

- name: "Install Python Dependencies"
run: |
python -m pip install --upgrade pip
${{ inputs.pip_install_command }}
shell: bash

- name: "Run Bandit"
run: "bandit ${{ inputs.src }} ${{ inputs.options }}"
shell: bash
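Review bot: in the "Run Bandit" step, `run: "bandit ${{ inputs.src }} ${{ inputs.options }}"` expands both inputs into the script text before bash executes it, so whatever the caller passes is interpreted as shell syntax, not as arguments; the safer pattern is to map the inputs to environment variables under `env:` and reference them as `"$SRC"` (and `$OPTIONS`, unquoted only if word-splitting of multiple flags is intended). The `pip_install_command` input is an arbitrary command by design and should say so in its description. Documentation points in the same hunk: `description: Github action for python static type checking with bandit` is wrong, since bandit is a security linter (the README says "security scanning"), the `src` input has no `description` while the other three do, and "dependancies" should read "dependencies". `type: string` is not an action-metadata input key (inputs take `description`, `required`, `default` and `deprecationMessage`), so it is ignored and should be dropped. Finally, `actions/checkout@v3` and `actions/setup-python@v4` are pinned by mutable major tag; pinning to a commit SHA with the tag in a comment is the usual supply-chain hardening for a published action.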
