Dependency scan #90
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2026 Santander Group | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # | |
| # Dependency vulnerability scan with pip-audit. | |
| # The core install has no required runtime dependencies; this installs the | |
| # optional vendor SDK extras and audits the resolved environment so that | |
| # advisories in the optional adapters are still surfaced. | |
| name: Dependency scan | |
| on: | |
| push: | |
| branches: [main, development] | |
| pull_request: | |
| schedule: | |
| - cron: "37 4 * * *" # daily 04:37 UTC | |
| permissions: | |
| contents: read | |
| jobs: | |
| pip-audit: | |
| name: pip-audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Set up Python | |
| uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 | |
| with: | |
| python-version: "3.11" | |
| cache: pip | |
| - name: Install package with all extras | |
| run: | | |
| python -m pip install --upgrade pip "setuptools>=83.0.0" | |
| pip install -e ".[all]" | |
| - name: Run pip-audit | |
| uses: pypa/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266 # v1.1.0 | |
| with: | |
| local: true | |
| vulnerability-service: osv |