From 5d9262ad35f7b8cbf150448a2a08f1a98d180d38 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Wed, 21 Jan 2026 21:09:09 +0000 Subject: [PATCH] chore(ci): update CI workflows to comment out SonarQube and Snyk scans (#57) Reviewed-on: https://git.tainton.uk/actions/gha-workflows/pulls/57 --- .gitea/workflows/ci-docker.yml | 22 ++++---- .../ci-python-poetry-with-docker.yml | 32 ++++++------ .gitea/workflows/ci-python-poetry.yml | 32 ++++++------ .gitea/workflows/ci-python-uv-with-docker.yml | 40 +++++++------- .gitea/workflows/ci-python-with-docker.yml | 32 ++++++------ .gitea/workflows/ci-python.yml | 32 ++++++------ .github/workflows/ci-docker.yml | 45 ++++++++-------- .../ci-python-poetry-with-docker.yml | 52 +++++++++++-------- .github/workflows/ci-python-poetry.yml | 51 ++++++++++-------- .github/workflows/ci-python-with-docker.yml | 52 +++++++++++-------- .github/workflows/ci-python.yml | 51 ++++++++++-------- renovate.json | 2 + 12 files changed, 243 insertions(+), 200 deletions(-) diff --git a/.gitea/workflows/ci-docker.yml b/.gitea/workflows/ci-docker.yml index a59c4d7..8aa94d2 100644 --- a/.gitea/workflows/ci-docker.yml +++ b/.gitea/workflows/ci-docker.yml @@ -23,15 +23,15 @@ jobs: format: sonarqube no-fail: true - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python@master - continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: test --all-projects + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: test --all-projects 
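Review bot: With the SonarQube step commented out, the hadolint step just above it (`format: sonarqube`, `output-file: hadolint.out`, `no-fail: true`) writes a report that nothing in the job consumes any more, and `no-fail: true` means Dockerfile findings cannot fail the job either, so Dockerfile linting has become effectively silent. If the lint gate is still wanted, drop `no-fail: true` (or set `failure-threshold: error`) so findings surface in the job result, and drop `format: sonarqube` / `output-file: hadolint.out` unless the file is read elsewhere; the steps list continues outside the hunk, so a later consumer cannot be ruled out from here. The same hadolint configuration is visible in the `.github/workflows/ci-docker.yml`, `.github/workflows/ci-python-poetry-with-docker.yml` and `.github/workflows/ci-python-with-docker.yml` hunks.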
diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 6c982ff..e4f82ec 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true env: PATH: ${{ env.PATH }}:/root/.poetry/bin @@ -65,15 +65,15 @@ jobs: poetry run coverage xml sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python@master - continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: test --all-projects + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: test --all-projects diff --git a/.gitea/workflows/ci-python-poetry.yml b/.gitea/workflows/ci-python-poetry.yml index 9f2a9b8..7907506 100644 --- a/.gitea/workflows/ci-python-poetry.yml +++ b/.gitea/workflows/ci-python-poetry.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true env: PATH: ${{ env.PATH }}:/root/.poetry/bin 
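Review bot: Commenting out the `secrets:` block under `workflow_call` changes the reusable workflow's interface: a caller that still passes `SONAR_TOKEN` or `SNYK_TOKEN` via `secrets:` is likely to fail validation with an undefined-secret error on GitHub Actions, and Gitea presumably behaves the same. Unless every calling repository is updated in lockstep, keep the declarations live but optional (`SONAR_TOKEN:` / `required: false`, same for `SNYK_TOKEN`) until callers have dropped them, or state in the commit description that callers must remove the secrets. The same removal appears in the first hunk of every other workflow in this patch.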
@@ -56,15 +56,15 @@ jobs: poetry run coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python@master - continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: test --all-projects + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: test --all-projects diff --git a/.gitea/workflows/ci-python-uv-with-docker.yml b/.gitea/workflows/ci-python-uv-with-docker.yml index 34baba1..f4d19e9 100644 --- a/.gitea/workflows/ci-python-uv-with-docker.yml +++ b/.gitea/workflows/ci-python-uv-with-docker.yml @@ -6,13 +6,13 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_HOST_URL: - required: false - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_HOST_URL: + # required: false + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -62,17 +62,17 @@ jobs: - name: Minimize uv cache run: uv cache prune --ci - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarQube Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python@master - continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - command: snyk - args: test --all-projects + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # command: snyk + # args: test --all-projects diff --git a/.gitea/workflows/ci-python-with-docker.yml b/.gitea/workflows/ci-python-with-docker.yml index a95ab9e..7dd4146 100644 --- a/.gitea/workflows/ci-python-with-docker.yml +++ b/.gitea/workflows/ci-python-with-docker.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -57,15 +57,15 @@ jobs: coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python@master - continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: test --all-projects + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: test --all-projects diff --git a/.gitea/workflows/ci-python.yml b/.gitea/workflows/ci-python.yml index 3c05c64..67c8c22 100644 --- a/.gitea/workflows/ci-python.yml +++ b/.gitea/workflows/ci-python.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -50,15 +50,15 @@ jobs: coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python@master - continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: test --all-projects + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: test --all-projects diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml index 585edfb..351a3d2 100644 --- a/.github/workflows/ci-docker.yml +++ b/.github/workflows/ci-docker.yml @@ -1,11 +1,11 @@ name: Docker CI on: workflow_call: - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -15,26 +15,29 @@ jobs: uses: actions/checkout@v6.0.1 with: fetch-depth: 0 + - uses: hadolint/hadolint-action@v3.3.0 with: dockerfile: Dockerfile output-file: hadolint.out format: sonarqube no-fail: true - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --sarif-file-output=snyk.sarif --all-projects - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: snyk.sarif + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python-3.10@master + # continue-on-error: true # To make sure that SARIF upload gets called + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: --sarif-file-output=snyk.sarif --all-projects + + # - name: Upload result to GitHub Code Scanning + # uses: github/codeql-action/upload-sarif@v4 + # with: + # sarif_file: snyk.sarif diff --git a/.github/workflows/ci-python-poetry-with-docker.yml b/.github/workflows/ci-python-poetry-with-docker.yml index 1200b2d..30314b0 100644 --- a/.github/workflows/ci-python-poetry-with-docker.yml +++ b/.github/workflows/ci-python-poetry-with-docker.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
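Review bot: The commented-out steps keep `uses: snyk/actions/python-3.10@master` and the version-pinned `uses:` refs inside comments, where Renovate's github-actions manager presumably no longer tracks them, so if they are ever re-enabled they come back stale, with the Snyk ref still floating on `master`. Since the commit message records the removal and git history keeps the blocks, deleting the three steps is cleaner than carrying roughly twenty commented lines per workflow; if they are meant to return soon, one comment naming the reason and the re-enable condition, e.g. `# Disabled in #57: <reason>; re-enable together with the secrets: block above`, would say more than the dead code does. Dropping the `Upload result to GitHub Code Scanning` step also means the repository's code-scanning alerts stop receiving Snyk results, which nothing in this patch replaces beyond the Renovate OSV alerts in `renovate.json` (dependency ecosystems only). The same pattern appears in the step hunks of the other `.github/workflows/*.yml` files and in the `.gitea` hunks.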
@@ -21,46 +21,56 @@ jobs: run: | PYTHON_VERSION=${{ inputs.python-version }} echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT + - name: Check out repository code uses: actions/checkout@v6.0.1 with: fetch-depth: 0 + - uses: hadolint/hadolint-action@v3.3.0 with: dockerfile: Dockerfile output-file: hadolint.out format: sonarqube no-fail: true + - name: Setup Python uses: actions/setup-python@v6 with: python-version: "${{ steps.python-version.outputs.value }}" + - name: Setup Poetry uses: abatilo/actions-poetry@v4 + - name: Install dependencies run: poetry install + - name: Lint run: | poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . cat lintreport.txt + - name: Unit Test run: | poetry run coverage run -m pytest -v --junitxml=testresults.xml poetry run coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --sarif-file-output=snyk.sarif --all-projects - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: snyk.sarif + + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python-3.10@master + # continue-on-error: true # To make sure that SARIF upload gets called + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: --sarif-file-output=snyk.sarif --all-projects + + # - name: Upload result to GitHub Code Scanning + # uses: 
github/codeql-action/upload-sarif@v4 + # with: + # sarif_file: snyk.sarif diff --git a/.github/workflows/ci-python-poetry.yml b/.github/workflows/ci-python-poetry.yml index 1749257..47375a2 100644 --- a/.github/workflows/ci-python-poetry.yml +++ b/.github/workflows/ci-python-poetry.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -21,38 +21,47 @@ jobs: run: | PYTHON_VERSION=${{ inputs.python-version }} echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT + - name: Check out repository code uses: actions/checkout@v6.0.1 with: fetch-depth: 0 + - name: Setup Python uses: actions/setup-python@v6 with: python-version: "${{ steps.python-version.outputs.value }}" + - name: Setup Poetry uses: abatilo/actions-poetry@v4 + - name: Install dependencies run: poetry install + - name: Lint run: poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . + - name: Unit Test run: | poetry run coverage run -m pytest -v --junitxml=testresults.xml poetry run coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --sarif-file-output=snyk.sarif --all-projects - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: snyk.sarif + + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python-3.10@master + # continue-on-error: true # To make sure that SARIF upload gets called + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: --sarif-file-output=snyk.sarif --all-projects + + # - name: Upload result to GitHub Code Scanning + # uses: github/codeql-action/upload-sarif@v4 + # with: + # sarif_file: snyk.sarif 
diff --git a/.github/workflows/ci-python-with-docker.yml b/.github/workflows/ci-python-with-docker.yml index d979068..ebf4a7e 100644 --- a/.github/workflows/ci-python-with-docker.yml +++ b/.github/workflows/ci-python-with-docker.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -21,47 +21,57 @@ jobs: run: | PYTHON_VERSION=${{ inputs.python-version }} echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT + - name: Check out repository code uses: actions/checkout@v6.0.1 with: fetch-depth: 0 + - uses: hadolint/hadolint-action@v3.3.0 with: dockerfile: Dockerfile output-file: hadolint.out format: sonarqube no-fail: true + - name: Setup Python uses: actions/setup-python@v6 with: python-version: "${{ steps.python-version.outputs.value }}" + - name: Update Pip run: | pip install -U pip + - name: Install dependencies run: | pip install -r requirements.txt pip install -r requirements-dev.txt + - name: Lint run: pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . + - name: Unit Test run: | coverage run -m pytest -v --junitxml=testresults.xml coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --sarif-file-output=snyk.sarif --all-projects - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: snyk.sarif + + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python-3.10@master + # continue-on-error: true # To make sure that SARIF upload gets called + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: --sarif-file-output=snyk.sarif --all-projects + + # - name: Upload result to GitHub Code Scanning + # uses: github/codeql-action/upload-sarif@v4 
+ # with: + # sarif_file: snyk.sarif diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml index a110c0f..38a61f2 100644 --- a/.github/workflows/ci-python.yml +++ b/.github/workflows/ci-python.yml @@ -6,11 +6,11 @@ on: type: string default: "3.11" description: "Version of Python to use for testing environment" - secrets: - SONAR_TOKEN: - required: true - SNYK_TOKEN: - required: true + # secrets: + # SONAR_TOKEN: + # required: true + # SNYK_TOKEN: + # required: true jobs: ci: 
@@ -21,41 +21,50 @@ jobs: run: | PYTHON_VERSION=${{ inputs.python-version }} echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT + - name: Check out repository code uses: actions/checkout@v6.0.1 with: fetch-depth: 0 + - name: Setup Python uses: actions/setup-python@v6 with: python-version: "${{ steps.python-version.outputs.value }}" + - name: Update Pip run: | pip install -U pip + - name: Install dependencies run: | pip install -r requirements.txt pip install -r requirements-dev.txt + - name: Lint run: pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . + - name: Unit Test run: | coverage run -m pytest -v --junitxml=testresults.xml coverage xml sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml - - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7.0.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - args: --sarif-file-output=snyk.sarif --all-projects - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v4 - with: - sarif_file: snyk.sarif + + # - name: SonarQube Cloud Scan + # uses: SonarSource/sonarqube-scan-action@v7.0.0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python-3.10@master + # continue-on-error: true # To make sure that SARIF upload gets called + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # args: --sarif-file-output=snyk.sarif --all-projects + + # - name: Upload result to GitHub Code Scanning + # uses: github/codeql-action/upload-sarif@v4 + # with: + # sarif_file: snyk.sarif diff --git a/renovate.json b/renovate.json index c06930a..9e29236 100644 
--- a/renovate.json +++ b/renovate.json @@ -17,6 +17,8 @@ "labels": [ "type/dependencies" ], + "osvVulnerabilityAlerts": true, + "dependencyDashboardOSVVulnerabilitySummary": "all", "vulnerabilityAlerts": { "enabled": true, "labels": [
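Review bot: `dependencyDashboardOSVVulnerabilitySummary: "all"` only has an effect when the Dependency Dashboard is enabled, and `dependencyDashboard` is not visible in this hunk — confirm it is set elsewhere in the file, or add `"dependencyDashboard": true,` next to the new keys. Renovate's OSV alerts surface as dashboard entries and remediation PRs rather than as a CI check, so with the Snyk steps commented out in the workflow hunks no pull-request check fails on a known-vulnerable dependency any more; if a gate is still wanted it needs a separate step. The neighbouring `vulnerabilityAlerts` block relies on the host's native alert feed, so on the Gitea side the OSV path is presumably the only one that fires.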