Add security checks for the dependencies
- add a nox session "safety"
This commit is contained in:
parent
8586db58c7
commit
48fe2f6879
1 changed files with 22 additions and 0 deletions
22
noxfile.py
22
noxfile.py
|
@ -36,6 +36,7 @@ nox.options.sessions = (
|
|||
'lint',
|
||||
f'test-{MAIN_PYTHON}',
|
||||
f'test-{NEXT_PYTHON}',
|
||||
'safety',
|
||||
)
|
||||
|
||||
|
||||
|
@ -197,6 +198,27 @@ def pre_merge(session):
|
|||
test(session)
|
||||
|
||||
|
||||
@nox.session(python=MAIN_PYTHON)
|
||||
def safety(session):
|
||||
"""Check the dependencies for known security vulnerabilities."""
|
||||
_begin(session)
|
||||
# We do not pin the version of `safety` to always check with
|
||||
# the latest version. The risk this breaks the CI is rather low.
|
||||
session.install('safety')
|
||||
with tempfile.NamedTemporaryFile() as requirements_txt:
|
||||
session.run(
|
||||
'poetry',
|
||||
'export',
|
||||
'--dev',
|
||||
'--format=requirements.txt',
|
||||
f'--output={requirements_txt.name}',
|
||||
external=True,
|
||||
)
|
||||
session.run(
|
||||
'safety', 'check', f'--file={requirements_txt.name}', '--full-report',
|
||||
)
|
||||
|
||||
|
||||
def _begin(session):
|
||||
"""Show generic info about a session."""
|
||||
if session.posargs:
|
||||
|
|
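Review bot: The comment above `session.install('safety')` weighs only the chance that an unpinned install breaks CI; the tool is also fetched from the package index on every run and then handed the project's full dependency export, so a pinned requirement, `session.install('safety==<PINNED_VERSION>')`, bumped deliberately, would bound supply-chain exposure as well as breakage. The comment could then read `# Pinned so the checker itself is a reviewed dependency; bump on purpose, not by accident.`. The session also has `poetry export` write to the path of a still-open `NamedTemporaryFile()`, which works on POSIX but fails on Windows, where another process cannot rewrite an open file; if Windows matters here, `tempfile.TemporaryDirectory()` with a `requirements.txt` inside it is the portable form. `tempfile` must already be imported at the top of noxfile.py, which lies outside this hunk, and `_begin` starts in this hunk but its body continues past it.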