Skip to content

Update coverage.yml #25

Update coverage.yml

Update coverage.yml #25

Workflow file for this run

name: Bandit Security Scan
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
security_scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.8
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install bandit
- name: Run Bandit
id: bandit
run: bandit -r . --format json -o bandit_results.json
- name: Save Bandit Results as Artifact
uses: actions/upload-artifact@v2
with:
name: bandit-results
path: bandit_results.json
- name: Determine Badge URL
id: determine_badge
run: |
cat<<EOF>>badge.py
import json
with open('bandit_results.json') as f:
results = json.load(f)
if results['metrics']['_totals']['SEVERITY.HIGH'] > 0 or results['metrics']['_totals']['SEVERITY.MEDIUM'] > 0 or results['metrics']['_totals']['SEVERITY.LOW'] > 0:
badge_url = 'https://img.shields.io/badge/Bandit-Issues%20Detected-red?label=high%3A{}%20medium%3A{}%20low%3A{}'.format(
results['metrics']['_totals']['SEVERITY.HIGH'],
results['metrics']['_totals']['SEVERITY.MEDIUM'],
results['metrics']['_totals']['SEVERITY.LOW']
)
else:
badge_url = 'https://img.shields.io/badge/Bandit-No%20Issues%20Found-brightgreen'
print(badge_url)
EOF
chmod +x badge.py
python badge.py
echo "badge_url=$(python badge.py)" >> "$GITHUB_ENV"
- name: Update README with Badge
run: |
sed -i "s|!\[Bandit Workflow\]\([^)]+\)|![Bandit Workflow](${badge_url})|" README.md