Commit 1ee631e6 authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch '59-remove-py-safety' into 'master'

Resolve "Remove py-safety"

Closes #59

See merge request to-be-continuous/python!93
parents b7eed029 35d01033
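--- a/<file 1: path not shown on page>
+++ b/<file 1: path not shown on page>
@@ -230,17 +230,6 @@ In addition to a textual report in the console, this job produces the following
 | `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.csv` | [CSV](https://bandit.readthedocs.io/en/latest/formatters/csv.html) | [SonarQube integration](https://docs.sonarqube.org/latest/analysis/external-issues/)<br/>_This report is generated only if SonarQube template is detected_ |
 | `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.json` | [JSON](https://bandit.readthedocs.io/en/latest/formatters/json.html) | [DefectDojo integration](https://defectdojo.github.io/django-DefectDojo/integrations/parsers/#bandit)<br/>_This report is generated only if DefectDojo template is detected_ |
 
-### `py-safety` job (dependency check)
-
-This job is **disabled by default** and performs a dependency check analysis using [Safety](https://pypi.org/project/safety/).
-
-It is bound to the `test` stage, and uses the following variables:
-
-| Input / Variable | Description                                                             | Default value     |
-| ---------------- | ----------------------------------------------------------------------- | ----------------- |
-| `safety-enabled` / `SAFETY_ENABLED` | Set to `true` to enable Safety job                                      | _none_ (disabled) |
-| `safety-args` / `SAFETY_ARGS`    | Additional [Safety CLI options](https://github.com/pyupio/safety#usage) | `--full-report`   |
-
 ### `py-trivy` job (dependency check)
 
 This job is **disabled by default** and performs a dependency check analysis using [Trivy](https://github.com/aquasecurity/trivy/).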
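--- a/<file 2: path not shown on page>
+++ b/<file 2: path not shown on page>
@@ -128,20 +128,6 @@
         }
       ]
     },
-    {
-      "id": "safety",
-      "name": "Safety",
-      "description": "Detect security vulnerabilities with [Safety](https://pypi.org/project/safety/) (dependencies analysis)",
-      "enable_with": "SAFETY_ENABLED",
-      "variables": [
-        {
-          "name": "SAFETY_ARGS",
-          "description": "Additional [Safety CLI options](https://github.com/pyupio/safety#usage)",
-          "default": "--full-report",
-          "advanced": true
-        }
-      ]
-    },
     {
       "id": "trivy",
       "name": "Trivy",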
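--- a/<file 3: path not shown on page>
+++ b/<file 3: path not shown on page>
@@ -96,13 +96,6 @@ spec:
     bandit-args:
       description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)
       default: --recursive .
-    safety-enabled:
-      description: Enable Safety
-      type: boolean
-      default: false
-    safety-args:
-      description: Additional [Safety CLI options](https://github.com/pyupio/safety#usage)
-      default: --full-report
     trivy-enabled:
       description: Enable Trivy
       type: boolean
@@ -228,9 +221,6 @@ variables:
 
   BANDIT_ARGS: $[[ inputs.bandit-args ]]
 
-  # Safety tool
-  SAFETY_ARGS: $[[ inputs.safety-args ]]
-
   # Trivy tool
   PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]]
   PYTHON_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
@@ -267,7 +257,6 @@ variables:
 
   NOSETESTS_ENABLED: $[[ inputs.nosetests-enabled ]]
   BANDIT_ENABLED: $[[ inputs.bandit-enabled ]]
-  SAFETY_ENABLED: $[[ inputs.safety-enabled ]]
   PYTHON_SBOM_DISABLED: $[[ inputs.sbom-disabled ]]
   PYTHON_RELEASE_ENABLED: $[[ inputs.release-enabled ]]
 
@@ -997,23 +986,6 @@ py-bandit:
       when: never
     - !reference [.test-policy, rules]
 
-# Safety (dependency check)
-py-safety:
-  extends: .python-base
-  stage: test
-  # force no dependencies
-  dependencies: []
-  script:
-    - mkdir -p -m 777 reports
-    - install_requirements
-    - _pip install safety
-    - _pip freeze | _run safety check --stdin ${SAFETY_ARGS}
-  rules:
-    # exclude if $SAFETY_ENABLED not set
-    - if: '$SAFETY_ENABLED != "true"'
-      when: never
-    - !reference [.test-policy, rules]
-
 # Trivy (dependency check)
 py-trivy:
   extends: .python-base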