pin pip dependencies to specific version and enable dependabot (#9)
gdams authored May 3, 2024
1 parent 8594abf commit 4eeb42a
Showing 7 changed files with 14 additions and 20 deletions.
5 changes: 5 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -8,3 +8,8 @@ updates:
schedule:
interval: daily
open-pull-requests-limit: 10
- package-ecosystem: pip
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
4 changes: 4 additions & 0 deletions .gitignore
@@ -1 +1,5 @@
**/__pycache__/*
lib/
bin/
share/
pyvenv.cfg
6 changes: 0 additions & 6 deletions cvereporter/fetch_vulnerabilities.py
@@ -1,19 +1,13 @@
#!/usr/bin/env python3

import argparse
import json
import requests
from bs4 import BeautifulSoup
from datetime import datetime
from cyclonedx.model.impact_analysis import ImpactAnalysisAffectedStatus
from cyclonedx.model.vulnerability import (
Vulnerability,
VulnerabilitySource,
VulnerabilityScoreSource,
VulnerabilityRating,
VulnerabilitySeverity,
BomTarget,
BomTargetVersionRange,
)

"""
4 changes: 0 additions & 4 deletions cvereporter/nist_enhance.py
@@ -1,12 +1,8 @@
from cyclonedx.model.impact_analysis import ImpactAnalysisAffectedStatus
from cyclonedx.model.vulnerability import (
Vulnerability,
VulnerabilitySource,
VulnerabilityScoreSource,
VulnerabilityRating,
VulnerabilitySeverity,
BomTarget,
BomTargetVersionRange,
)
import requests
import json
5 changes: 1 addition & 4 deletions cvereporter/report.py
@@ -1,6 +1,5 @@
from cyclonedx.exception import MissingOptionalDependencyException
from cyclonedx.factory.license import LicenseFactory
from cyclonedx.model import OrganizationalEntity, XsUri, ExternalReferenceType
from cyclonedx.model import XsUri, ExternalReferenceType
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component, ComponentType, ExternalReference
from cyclonedx.model.impact_analysis import ImpactAnalysisAffectedStatus
Expand All @@ -14,8 +13,6 @@
BomTargetVersionRange,
)
from cyclonedx.output.json import JsonV1Dot4
from cyclonedx.schema import SchemaVersion, OutputFormat
from cyclonedx.validation.json import JsonStrictValidator
from datetime import datetime

"""
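--- a/ojvg_convert.py
+++ b/ojvg_convert.py
@@ -1,5 +1,5 @@
 import json
-from cve_pipeline import fetch_vulnerabilities, report, nist_enhance
+from cvereporter import fetch_vulnerabilities, report, nist_enhance
 
 """
 This file will take a downloaded version of all the CVEs from OJVG which are retrieved by ojvg_download.py and enhance with NIST data, resulting in the creation of the VDR.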
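--- a/requirements.txt
+++ b/requirements.txt
@@ -1,5 +1,3 @@
-beautifulsoup4
-requests
-cyclonedx-python-lib
-pytest
-black
+beautifulsoup4==4.12.3
+cyclonedx-python-lib===7.3.1
+requests==2.31.0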
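Review bot: `cyclonedx-python-lib===7.3.1` uses the PEP 440 arbitrary-equality operator `===` while the two neighbouring lines use `==`; `===` matches only that literal version string, is described by PEP 440 as a last-resort escape hatch, and the Dependabot pip updater enabled in this same commit may not handle it when proposing bumps, so the line should read `cyclonedx-python-lib==7.3.1`. The new pins fix a version but not the artifact, so pip still installs whatever the index serves for that version; if the goal is supply-chain integrity, add `--hash=sha256:<sha256-placeholder>` entries (pip hash-checking mode) produced by a lock step rather than bare version pins. `pytest` and `black` are dropped here and none of the seven files in this commit adds a dev requirements file, so a CI job that only runs `pip install -r requirements.txt` before its test or lint step will no longer have them unless they are installed elsewhere.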