
Complete TD-001 and TD-002: Upgrade to Python 3.11+ and OSMnx 2.0.6 #34

Workflow file for this run

# Security scanning workflow: triggers and default token permissions.
name: Security Scanning

on:
  # Scan every push to main and to the claude/** working branches.
  push:
    branches:
      - "main"
      - "claude/**"
  # Scan pull requests that target main.
  pull_request:
    branches:
      - "main"
  schedule:
    # Weekly run, Mondays at 09:00 UTC. A scheduled scan picks up
    # advisories published since the last code change.
    - cron: '0 9 * * 1'
  # Allow the scan to be started manually.
  workflow_dispatch:

# GITHUB_TOKEN scopes applied to every job in this workflow.
permissions:
  contents: read
  # NOTE(review): the jobs visible in this file only upload build
  # artifacts and never publish code-scanning (SARIF) results. If no
  # other job needs this scope, drop it, or grant it at job level on
  # the one job that does.
  security-events: write
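jobs:
  # NOTE(review): every `uses:` below references a mutable tag (v4/v5).
  # Pinning each action to a full commit SHA keeps a moved or retagged
  # release from changing what runs here; this matters most for the
  # third-party astral-sh/setup-uv action.

  # Audits the installed Python dependencies for known vulnerabilities.
  dependency-scan:
    name: Dependency Vulnerability Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in .git/config. The following
          # steps install and run third-party packages, and no later
          # step in this job needs to push to or fetch from this repo.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true

      # Installs every dependency group, so the audit covers them all.
      - name: Install dependencies
        run: uv sync --all-groups

      # Writes the JSON report for the artifact upload. `|| true` keeps
      # this step green when vulnerabilities are found or the tool
      # errors, so this step never gates the job.
      - name: Run pip-audit
        run: uv run pip-audit --desc --format json --output pip-audit-report.json || true

      # Second, unguarded run: prints the findings to the log and fails
      # the job when pip-audit exits non-zero. Keep it unguarded, or the
      # scan becomes report-only.
      - name: Display pip-audit results
        run: uv run pip-audit --desc

      # always() uploads the report even when the step above failed.
      - name: Upload pip-audit results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: pip-audit-report
          path: pip-audit-report.json
          retention-days: 30

  # Static security analysis of the project's own code under src/.
  bandit-scan:
    name: Security Code Scan (Bandit)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Same reasoning as in dependency-scan: no later step in this
          # job needs git credentials.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install uv
        uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true

      - name: Install dependencies
        run: uv sync --all-groups

      # Writes the JSON report for the artifact upload. `|| true` keeps
      # this step green when issues are found or the tool errors, so
      # this step never gates the job.
      - name: Run bandit
        run: uv run bandit -r src/ -f json -o bandit-report.json || true

      # Second, unguarded run: prints the findings to the log and fails
      # the job when bandit exits non-zero. Keep it unguarded, or the
      # scan becomes report-only.
      - name: Display bandit results
        run: uv run bandit -r src/ -f screen

      # always() uploads the report even when the step above failed.
      - name: Upload bandit results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-report
          path: bandit-report.json
          retention-days: 30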