chore(ci): remove Snyk workflow for security monitoring (#411)

Reviewed-on: #411
2026-01-21 20:36:36 +00:00
parent 2894255bd0
commit 2cce03cab1
4 changed files with 21 additions and 19 deletions
--- a/.gitea/workflows-disabled/snyk.yml
+++ b/.gitea/workflows-disabled/snyk.yml
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -64,19 +64,19 @@ jobs:
      #     SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
      #     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

-      - name: Set up environment for Snyk
-        run: |
-          uv pip freeze > requirements.txt
-          mv pyproject.toml pyproject.toml.bak
-          mv uv.lock uv.lock.bak
+      # - name: Set up environment for Snyk
+      #   run: |
+      #     uv pip freeze > requirements.txt
+      #     mv pyproject.toml pyproject.toml.bak
+      #     mv uv.lock uv.lock.bak

-      - name: Snyk SAST Scan
-        uses: snyk/actions/python@master
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          # command: snyk
-          args: snyk code test #--all-projects --exclude=.archive
+      # - name: Snyk SAST Scan
+      #   uses: snyk/actions/python@master
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #   with:
+      #     # command: snyk
+      #     args: snyk code test #--all-projects --exclude=.archive

      # - name: Snyk Vulnerability Scan
      #   uses: snyk/actions/python@master
@@ -88,8 +88,8 @@ jobs:
      #     # command: snyk
      #     args: snyk test #--all-projects --exclude=.archive
      
-      - name: Reverse set up environment for Snyk
-        run: |
-          rm -f requirements.txt
-          mv pyproject.toml.bak pyproject.toml
-          mv uv.lock.bak uv.lock
+      # - name: Reverse set up environment for Snyk
+      #   run: |
+      #     rm -f requirements.txt
+      #     mv pyproject.toml.bak pyproject.toml
+      #     mv uv.lock.bak uv.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -13,8 +13,8 @@ dependencies = [
    "requests<3.0.0,>=2.32.3",
 ]

-[tool.uv]
-dev-dependencies = [
+[dependency-groups]
+dev = [
    "black<26.1.1,>=26.1.0",
    "coverage<8.0.0,>=7.6.10",
    "isort<7.0.1,>=7.0.0",
--- a/renovate.json
+++ b/renovate.json
@@ -11,6 +11,8 @@
  "semanticCommits": "enabled",
  "semanticCommitScope": "deps",
  "semanticCommitType": "feat",
+  "osvVulnerabilityAlerts": true,
+  "dependencyDashboardOSVVulnerabilitySummary": "all",
  "vulnerabilityAlerts": {
    "commitMessagePrefix": "[SECURITY] ",
    "enabled": true,