Skip to content

Merge pull request #409 from netscaler/update-trivy #51

Merge pull request #409 from netscaler/update-trivy

Merge pull request #409 from netscaler/update-trivy #51

Workflow file for this run

---
name: Bandit Security Check
on:
workflow_dispatch:
pull_request:
push:
jobs:
bandit-check:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Bandit with Sarif extras
run: pip install "bandit[sarif]"
- name: Run Bandit
id: bandit
continue-on-error: true
run: |
set +e
set +x
bandit -r . -f sarif -o bandit-output.sarif
echo "exit_code=$?" >> $GITHUB_OUTPUT
cat bandit-output.sarif
- name: Upload Bandit scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "bandit-output.sarif"
- name: Fail if Bandit run had errors
if: steps.bandit.outputs.exit_code != 0
run: exit 1