
GitHub Action

Python Safety Check

v1.0.6 Latest version


Helps find known security vulnerabilities in your Python application

Installation

Copy and paste the following snippet into your .yml file.

- name: Python Safety Check
  uses: aufdenpunkt/python-safety-check@v1.0.6

Learn more about this action in aufdenpunkt/python-safety-check


Python safety check

This GitHub Action helps find known security vulnerabilities in your Python application.

Workflow integration

You can use this action in a workflow to continuously find known security vulnerabilities. It uses the Python package safety, which checks against the Safety DB.

Example configuration:

name: Python safety check

on:
  push:
    branches:
      - master

env:
  DEP_PATH: src/requirements.txt

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Check out master
        uses: actions/checkout@master

      - name: Security vulnerabilities scan
        uses: aufdenpunkt/python-safety-check@master

ENV variables

To tell the script where your requirements.txt file is located, set the DEP_PATH environment variable. By default, the script checks the root of the repository for a requirements.txt file. See the example above.

Parameters

safety_args

This parameter is useful if you want to provide additional arguments to the command call. In the example below, I want to ignore a specific known issue, but you can pass any argument that you can find in the documentation.

Example:

- name: Security vulnerabilities scan
  uses: aufdenpunkt/python-safety-check@master
  with:
    safety_args: '-i 35015'
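
An added example, not part of this action or its README: a small Python audit that lists, for each use of the action in a workflow file, the ref it is pinned to and the vulnerability IDs suppressed through safety_args, so ignores stay reviewable. It assumes safety's -i/--ignore option as used above, a line-based scan rather than a full YAML parser, and a constructed sample workflow (ID 12345 is made up).

```python
import re
import shlex

ACTION = "aufdenpunkt/python-safety-check"
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*" + re.escape(ACTION) + r"@(\S+)")
ARGS_RE = re.compile(r"^\s*safety_args:\s*(.+?)\s*$")

# Constructed sample workflow; the ID 12345 is a made-up value for illustration.
SAMPLE_WORKFLOW = """\
steps:
  - name: Security vulnerabilities scan
    uses: aufdenpunkt/python-safety-check@master
    with:
      safety_args: '-i 35015 --ignore=12345'
  - name: Requirements-only scan
    uses: aufdenpunkt/python-safety-check@v1.0.6
    with:
      scan_requirements_file_only: 'true'
"""

def ignored_ids(args):
    """Return the IDs suppressed by -i / --ignore in a safety_args string."""
    tokens = shlex.split(args)
    ids, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-i", "--ignore") and i + 1 < len(tokens):
            ids.append(tokens[i + 1])
            i += 2
            continue
        if tok.startswith("--ignore="):
            ids.append(tok.split("=", 1)[1])
        i += 1
    return ids

def audit_workflow(text):
    """Return one finding per use of the action: its ref and the IDs it ignores.

    Assumes the safety_args line follows the uses: line of the same step.
    """
    findings = []
    for line in text.splitlines():
        uses = USES_RE.match(line)
        if uses:
            findings.append({"ref": uses.group(1), "ignored": []})
            continue
        args = ARGS_RE.match(line)
        if args and findings:
            findings[-1]["ignored"] += ignored_ids(args.group(1).strip("'\""))
    return findings
```

Running audit_workflow over every file in .github/workflows gives a list of suppressions that can be compared against the ones the team has actually approved.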

scan_requirements_file_only

If you want to check only the packages defined in your requirements.txt, set this parameter to 'true'.

Example:

- name: Security vulnerabilities scan
  uses: aufdenpunkt/python-safety-check@master
  with:
    scan_requirements_file_only: 'true'

Workflow customization

See full instructions for Configuring and managing workflows.

For help editing the YAML file, see Workflow syntax for GitHub Actions.