Add security checks for the dependencies
- add a nox session "safety"
This commit is contained in:
parent
8586db58c7
commit
48fe2f6879
1 changed files with 22 additions and 0 deletions
22
noxfile.py
22
noxfile.py
|
|
@ -36,6 +36,7 @@ nox.options.sessions = (
|
||||||
'lint',
|
'lint',
|
||||||
f'test-{MAIN_PYTHON}',
|
f'test-{MAIN_PYTHON}',
|
||||||
f'test-{NEXT_PYTHON}',
|
f'test-{NEXT_PYTHON}',
|
||||||
|
'safety',
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -197,6 +198,27 @@ def pre_merge(session):
|
||||||
test(session)
|
test(session)
|
||||||
|
|
||||||
|
|
||||||
|
@nox.session(python=MAIN_PYTHON)
|
||||||
|
def safety(session):
|
||||||
|
"""Check the dependencies for known security vulnerabilities."""
|
||||||
|
_begin(session)
|
||||||
|
# We do not pin the version of `safety` to always check with
|
||||||
|
# the latest version. The risk this breaks the CI is rather low.
|
||||||
|
session.install('safety')
|
||||||
|
with tempfile.NamedTemporaryFile() as requirements_txt:
|
||||||
|
session.run(
|
||||||
|
'poetry',
|
||||||
|
'export',
|
||||||
|
'--dev',
|
||||||
|
'--format=requirements.txt',
|
||||||
|
f'--output={requirements_txt.name}',
|
||||||
|
external=True,
|
||||||
|
)
|
||||||
|
session.run(
|
||||||
|
'safety', 'check', f'--file={requirements_txt.name}', '--full-report',
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def _begin(session):
|
def _begin(session):
|
||||||
"""Show generic info about a session."""
|
"""Show generic info about a session."""
|
||||||
if session.posargs:
|
if session.posargs:
|
||||||
|
|
|
||||||
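Review bot: The new `safety` session keeps the `tempfile.NamedTemporaryFile()` handle open while an external process (`poetry export --output=…`) writes to the same path; that works on POSIX but is not portable (on Windows the open handle prevents a second open), and the hunk adds no `import tempfile`, so the name must already be in scope at the top of noxfile.py or the session raises `NameError` — worth confirming since the diff does not show the import block. A safer shape is `with tempfile.TemporaryDirectory() as tmp_dir:` followed by `requirements_txt = os.path.join(tmp_dir, 'requirements.txt')` (with the two `requirements_txt.name` references changed to `requirements_txt`), which hands a closed path to both tools. The comment above `session.install('safety')` names only the CI-breakage risk of an unpinned install; from a supply-chain standpoint, the tool that audits the dependencies is itself pulled unpinned from PyPI on every run, so pinning it (`session.install('safety==<pinned version>')`, bumped deliberately) or at least noting that trade-off in the comment would make the intent explicit. Note that `safety check` returns non-zero on findings, so the session fails the build as intended; that behaviour is worth a one-line mention in the docstring.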