ci: fix venv activation in security scanning workflow
Some checks failed
Security Scanning / security-scan (push) Failing after 2s

Changed from `source venv/bin/activate` to direct venv/bin/pip-audit and venv/bin/bandit calls to match the pattern used in other workflows for more reliable venv usage.
aitbc
2026-04-19 21:21:49 +02:00
parent b293059bd6
commit 3a5e8782ca


@@ -52,18 +52,16 @@ jobs:
- name: Python dependency audit - name: Python dependency audit
run: | run: |
cd /var/lib/aitbc-workspaces/security-scan/repo cd /var/lib/aitbc-workspaces/security-scan/repo
source venv/bin/activate
echo "=== Dependency Audit ===" echo "=== Dependency Audit ==="
pip-audit -r requirements.txt --desc venv/bin/pip-audit -r requirements.txt --desc
echo "✅ Dependency audit completed" echo "✅ Dependency audit completed"
- name: Bandit security scan - name: Bandit security scan
run: | run: |
cd /var/lib/aitbc-workspaces/security-scan/repo cd /var/lib/aitbc-workspaces/security-scan/repo
source venv/bin/activate
echo "=== Bandit Security Scan ===" echo "=== Bandit Security Scan ==="
if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
bandit -r apps/ packages/py/ cli/ \ venv/bin/bandit -r apps/ packages/py/ cli/ \
-s B101,B311 \ -s B101,B311 \
--severity-level medium \ --severity-level medium \
-f txt -q -f txt -q
@@ -76,7 +74,7 @@ jobs:
fi fi
printf '%s\n' "${python_files[@]}" printf '%s\n' "${python_files[@]}"
bandit \ venv/bin/bandit \
-s B101,B311 \ -s B101,B311 \
--severity-level medium \ --severity-level medium \
-f txt -q \ -f txt -q \