trailofbits/protofuzz

.github/workflows/pip-audit.yml

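# Installs the project into a throwaway virtual environment and runs pip-audit
# against the packages that ended up in it.
name: Scan dependencies for vulnerabilities with pip-audit

# Runs on pushes to master, on pull requests targeting master, and once a day
# (GitHub evaluates cron schedules in UTC) so that newly published advisories
# are picked up even when the code has not changed.
on:
  push:
    branches: ["master"]
  pull_request:
    branches: ["master"]
  schedule:
    - cron: "0 12 * * *"

# Least privilege: the job only reads the repository, so the GITHUB_TOKEN is
# limited to read-only contents instead of inheriting the repository default.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a tag. Tags can be moved by the
# action's owner; pinning each one to a full commit SHA makes the referenced
# code immutable.
jobs:
  pip-audit:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3.1.0
        with:
          # The "Install project" step executes the checked-out project's
          # build code, so the token is not left behind in the local git
          # config where that code could read it.
          persist-credentials: false

      - name: Install Python
        uses: actions/setup-python@v4
        with:
          # A version range, not a fixed version: the interpreter (and so the
          # dependency set pip resolves) can change between runs.
          python-version: ">= 3.9"

      - name: Install project
        # Only `.` is installed, so the audit covers the project's install-time
        # dependencies; optional extras and development requirements are not
        # part of the environment that gets scanned.
        run: |
          python -m venv --upgrade-deps /tmp/pip-audit-env
          source /tmp/pip-audit-env/bin/activate

          python -m pip install .

      - name: Run pip-audit
        uses: pypa/gh-action-pip-audit@v1.0.5
        with:
          # Must match the path created in the "Install project" step.
          virtual-environment: /tmp/pip-audit-env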