From 199320a94ab0d708687cb6c68e717223ca1f4276 Mon Sep 17 00:00:00 2001
From: Ruslan Bel'kov
Date: Tue, 10 Dec 2024 20:28:32 +0300
Subject: [PATCH] ci: add bandit summary
---
 .github/workflows/bandit.yaml | 56 ++++++++++++++++++++++-------------
 1 file changed, 35 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/bandit.yaml b/.github/workflows/bandit.yaml
index c85a268..969afd2 100644
--- a/.github/workflows/bandit.yaml
+++ b/.github/workflows/bandit.yaml
@@ -1,30 +1,44 @@
 name: Bandit Scan
-on: [push]
+on: [ push ]
 jobs:
- bandit:
- name: Run Bandit Scan
- runs-on: ubuntu-latest
+ bandit:
+ name: Run Bandit Scan
+ runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: 3.12
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.12
- - name: Install Bandit
- run: pip install bandit
+ - name: Install Bandit
+ run: pip install bandit
- - name: Run Bandit Scan
- run: bandit -ll -ii -r . -f json -o bandit-report.json
+ - name: Run Bandit Scan
+ run: bandit -ll -ii -r . -f json -o bandit-report.json
- - name: Upload Artifact
- uses: actions/upload-artifact@v4
- if: always()
- with:
- name: bandit-findings.json
- path: bandit-report.json
+ - name: Parse Bandit Report and Generate Summary
+ run: |
+ echo "### Bandit Security Scan Results" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "#### Summary" >> $GITHUB_STEP_SUMMARY
+ python - <