Skip to content

Update all non-major dependencies (#398) #888

Update all non-major dependencies (#398)

Update all non-major dependencies (#398) #888

Workflow file for this run

name: analysis
on:
push:
branches: [ "master" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master" ]
schedule:
- cron: '36 22 * * 2'
jobs:
codeql:
name: CodeQL
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Initialize CodeQL
uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3
with:
languages: 'python'
config-file: ./.github/codeql/codeql-config.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3
bandit:
name: Bandit
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- run: pip install -r requirements_analysis.txt
- name: Run Bandit
run: bandit -r ./cxroots -x ./cxroots/tests
- name: Run Bandit with SARIF output
if: always()
run: bandit -r ./cxroots -x ./cxroots/tests --format sarif --output out.sarif
- name: Upload SARIF file
if: always()
uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3
with:
sarif_file: out.sarif
category: Bandit