From 94a3512d6a462f14caec4e2e4c65068d17f6532c Mon Sep 17 00:00:00 2001
From: "Mr. Walls"
Date: Sun, 8 Sep 2024 22:06:27 -0700
Subject: [PATCH 1/3] Create dependabot.yml
Development branch.
---
 .github/dependabot.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..926b470
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+ - package-ecosystem: "github-actions" # See documentation for possible values
+ directory: "/" # Location of action.yml
+ target-branch: "main"
+ rebase-strategy: "disabled"
+ # Labels on pull requests for version updates only
+ labels:
+ - "GitHub"
+ - "Testing"
+ assignees:
+ - "reactive-firewall"
+ commit-message:
+ prefix: "[UPDATE] "
+ include: "scope"
+ schedule:
+ interval: "weekly"
+ day: "tuesday"
From 2d60b3aecf18007967b18d22115179b9fcbb4c6a Mon Sep 17 00:00:00 2001
From: "Mr. Walls"
Date: Sun, 8 Sep 2024 22:20:23 -0700
Subject: [PATCH 2/3] Update README.md
---
 README.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 3c2edb9..5f6414c 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Bandit is a tool designed to find common security issues in Python code. This ac
 To run a bandit scan include a step like this:
 ```yaml
- uses: shundor/bandit-action@v1
+ uses: reactive-firewall/bandit-action@v2
 with:
 path: "."
 level: high
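Review bot: `target-branch: "main"` makes Dependabot open version-update pull requests against `main` only, while the commit message calls this the development branch; if `main` is not the repository's default branch, it is worth a comment above that key such as `# Version updates target main; Dependabot security updates are raised against the default branch and are not governed by this file`, since, as far as I recall the documentation, `target-branch` does not affect security updates. The two `labels` entries are, if I read the docs right, silently ignored unless labels named exactly `GitHub` and `Testing` already exist in the repository, so either create them or drop the stanza. The four header comments and the trailing `# See documentation for possible values` read like the stock GitHub template and could be trimmed now that the file is configured.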
@@ -66,4 +66,7 @@ The action will create an artifact containing the sarif output.
 ## Credits
-- :bow: This action is based on [bandit-action](https://github.com/mdegis/bandit-action) by [Melih Değiş](https://github.com/mdegis/).
\ No newline at end of file
+- :bow: This action is based on [bandit-action](https://github.com/mdegis/bandit-action) by [Melih Değiş](https://github.com/mdegis/).
+- :bow: This action is _also_ based on [python-bandit-scan](https://github.com/shundor/python-bandit-scan) by [shundor](https://github.com/shundor).
+- :bow: This fork includes fixes proposed by [Kenta Nakase](https://github.com/parroty) and [Thiago Grisolfi](https://github.com/Grisolfi) ... 🎉 but automated by @dependabot
+
From 5490c83374f6a990ef7e9c82cf694e7fde949e7a Mon Sep 17 00:00:00 2001
From: "Mr. Walls"
Date: Sun, 8 Sep 2024 22:33:42 -0700
Subject: [PATCH 3/3] Update name in action.yml
---
 action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/action.yml b/action.yml
index df686a5..4c60489 100644
--- a/action.yml
+++ b/action.yml
@@ -1,4 +1,4 @@
-name: 'Bandit Scan'
+name: 'Python Bandit Scan'
 description: 'Bandit Scan'
 branding:
 icon: arrow-left
@@ -113,7 +113,7 @@ runs:
 INPUT_INI_PATH: ${{ inputs.ini_path }}
 - name: Upload artifact
- uses: actions/upload-artifact@main
+ uses: actions/upload-artifact@v4
 with:
 name: results.sarif
 path: results.sarif
pFad - Phonifier reborn
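Review bot: `uses: actions/upload-artifact@v4` in the second action.yml hunk still references a mutable tag, so the code that runs in this step can change without any change to this file; moving off `@main` is already an improvement, but the hardened form is the full commit SHA of the v4 release with the tag kept as a trailing comment, `uses: actions/upload-artifact@<full-commit-sha-of-v4-release> # v4`. The `github-actions` Dependabot configuration added in PATCH 1/3 keeps SHA pins current (it bumps the SHA and the version comment together), so the pin does not become stale maintenance. The same consideration applies to any other `uses:` lines in this file that are outside the hunk, since the `runs:` steps list starts and ends beyond what is shown here.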
