diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 571bb6e..95425df 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -78,47 +78,18 @@ jobs:
 # command: snyk
 args: snyk code test #--all-projects --exclude=.archive
- - name: Snyk Vulnerability Scan
- uses: snyk/actions/python@master
- continue-on-error: true # Sometimes vulns aren't immediately fixable
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- DEBUG: "*snyk*"
- with:
- # command: snyk
- args: snyk test #--all-projects --exclude=.archive
+ # - name: Snyk Vulnerability Scan
+ # uses: snyk/actions/python@master
+ # continue-on-error: true # Sometimes vulns aren't immediately fixable
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # DEBUG: "*snyk*"
+ # with:
+ # # command: snyk
+ # args: snyk test #--all-projects --exclude=.archive
 - name: Reverse set up environment for Snyk
 run: |
 rm -f requirements.txt
 mv pyproject.toml.bak pyproject.toml
 mv uv.lock.bak uv.lock
-
- # - name: Trivy Setup
- # uses: aquasecurity/setup-trivy@v0.2.0
- # with:
- # cache: true
- # version: v0.61.1
-
- # - name: Trivy Vulnerability Scan
- # uses: aquasecurity/trivy-action@master
- # with:
- # skip-setup-trivy: true
- # scan-type: "fs"
- # scan-ref: "${{ gitea.workspace }}"
- # exit-code: "1"
- # ignore-unfixed: true
- # format: "table"
- # severity: "CRITICAL,HIGH,MEDIUM"
- # scanners: "vuln,secret,misconfig,license"
-
- # - name: Trivy Vulnerability Scan (Docker)
- # uses: aquasecurity/trivy-action@master
- # with:
- # skip-setup-trivy: true
- # image-ref: "docker.io/my-organization/my-app:${{ github.sha }}"
- # format: "table"
- # exit-code: "1"
- # ignore-unfixed: true
- # vuln-type: 'os,library'
- # severity: "CRITICAL,HIGH,MEDIUM"
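Review bot: The Snyk dependency scan (`snyk test`) is disabled by commenting it out with no reason given, and the same hunk deletes the commented Trivy configuration, so as far as these lines show the workflow is left without a dependency vulnerability scan. I would add a comment above the block such as `# Snyk dependency scan disabled: <reason>; re-enable tracked in <issue>` so the gap is deliberate and traceable. The "Reverse set up environment for Snyk" step still runs `mv pyproject.toml.bak pyproject.toml` and `mv uv.lock.bak uv.lock`, which presumably depend on a set-up step outside the hunk; confirm that step is still active, otherwise these moves fail. When the step is re-enabled, `uses: snyk/actions/python@master` should be pinned to a release tag or commit SHA, since the step is handed `SNYK_TOKEN`.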