Compare commits
6 Commits
9adbb74602
...
0.6.1
| Author | SHA1 | Date | |
|---|---|---|---|
7a680eaab2
|
|||
|
12d6f5fd2f
|
|||
| 07d31d6f83 | |||
|
65d2cd7fee
|
|||
|
46e83e3e48
|
|||
| 3e1b2e5488 |
@@ -22,8 +22,15 @@ jobs:
|
||||
- name: Run pre-commit hooks
|
||||
run: pre-commit run --all-files --color always
|
||||
|
||||
- name: Install Poetry
|
||||
run: |
|
||||
pip install poetry
|
||||
poetry self add poetry-plugin-export
|
||||
|
||||
- name: Install pip-audit
|
||||
run: pip install pip-audit
|
||||
|
||||
- name: Run pip-audit
|
||||
run: pip-audit
|
||||
- name: Audit dependencies (Poetry lockfile)
|
||||
run: |
|
||||
poetry export -f requirements.txt --without-hashes \
|
||||
| pip-audit -r /dev/stdin
|
||||
|
||||
61
.gitea/workflows/trivy-scan.yml
Normal file
61
.gitea/workflows/trivy-scan.yml
Normal file
@@ -0,0 +1,61 @@
|
||||
---
|
||||
name: Trivy Scan
|
||||
on:
|
||||
schedule:
|
||||
- cron: 17 8 * * *
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
security-scan:
|
||||
runs-on: running-man
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Trivy scan via Docker
|
||||
id: trivy
|
||||
continue-on-error: true
|
||||
run: |
|
||||
docker run --rm \
|
||||
--volumes-from "$HOSTNAME" \
|
||||
aquasec/trivy:latest \
|
||||
fs /workspace/guardutils/mirro \
|
||||
--scanners vuln \
|
||||
--pkg-types library \
|
||||
--include-dev-deps \
|
||||
--severity MEDIUM,HIGH,CRITICAL \
|
||||
--ignore-unfixed \
|
||||
--format json \
|
||||
--output /workspace/guardutils/mirro/trivy.json \
|
||||
--exit-code 1
|
||||
|
||||
- name: Notify Node-RED on vulnerabilities
|
||||
if: steps.trivy.outcome == 'failure'
|
||||
run: |
|
||||
jq -r '
|
||||
{
|
||||
repo: "guardutils/mirro",
|
||||
summary: (
|
||||
"Total: " +
|
||||
((.Results[].Vulnerabilities | length) | tostring)
|
||||
),
|
||||
vulnerabilities: [
|
||||
.Results[].Vulnerabilities[] | {
|
||||
library: .PkgName,
|
||||
cve: .VulnerabilityID,
|
||||
severity: .Severity,
|
||||
installed: .InstalledVersion,
|
||||
fixed: .FixedVersion,
|
||||
title: .Title,
|
||||
url: .PrimaryURL
|
||||
}
|
||||
]
|
||||
}
|
||||
' trivy.json \
|
||||
| curl -s -X POST https://nodered.sysmd.uk/trivy-alert \
|
||||
-H "Content-Type: application/json" \
|
||||
--data-binary @-
|
||||
|
||||
- name: Fail workflow if vulnerabilities found
|
||||
if: steps.trivy.outcome == 'failure'
|
||||
run: exit 1
|
||||
@@ -4,6 +4,10 @@
|
||||
|
||||
# mirro
|
||||
|
||||
<div align="center">
|
||||
<img src="mirro.png" alt="mirro logo" width="256" />
|
||||
</div>
|
||||
|
||||
**mirro** is a tiny safety-first editing wrapper for text files.
|
||||
You edit a temporary file, **mirro** detects whether anything changed, and if it did, it saves a backup of the original before writing your changes.
|
||||
|
||||
|
||||
14
poetry.lock
generated
14
poetry.lock
generated
@@ -173,13 +173,13 @@ test = ["pytest (>=6)"]
|
||||
|
||||
[[package]]
|
||||
name = "filelock"
|
||||
version = "3.20.0"
|
||||
version = "3.20.3"
|
||||
description = "A platform independent file lock."
|
||||
optional = false
|
||||
python-versions = ">=3.10"
|
||||
files = [
|
||||
{file = "filelock-3.20.0-py3-none-any.whl", hash = "sha256:339b4732ffda5cd79b13f4e2711a31b0365ce445d95d243bb996273d072546a2"},
|
||||
{file = "filelock-3.20.0.tar.gz", hash = "sha256:711e943b4ec6be42e1d4e6690b48dc175c822967466bb31c0c293f34334c13f4"},
|
||||
{file = "filelock-3.20.3-py3-none-any.whl", hash = "sha256:4b0dda527ee31078689fc205ec4f1c1bf7d56cf88b6dc9426c4f230e46c2dce1"},
|
||||
{file = "filelock-3.20.3.tar.gz", hash = "sha256:18c57ee915c7ec61cff0ecf7f0f869936c7c30191bb0cf406f1341778d0834e1"},
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -480,18 +480,18 @@ files = [
|
||||
|
||||
[[package]]
|
||||
name = "virtualenv"
|
||||
version = "20.35.4"
|
||||
version = "20.36.1"
|
||||
description = "Virtual Python Environment builder"
|
||||
optional = false
|
||||
python-versions = ">=3.8"
|
||||
files = [
|
||||
{file = "virtualenv-20.35.4-py3-none-any.whl", hash = "sha256:c21c9cede36c9753eeade68ba7d523529f228a403463376cf821eaae2b650f1b"},
|
||||
{file = "virtualenv-20.35.4.tar.gz", hash = "sha256:643d3914d73d3eeb0c552cbb12d7e82adf0e504dbf86a3182f8771a153a1971c"},
|
||||
{file = "virtualenv-20.36.1-py3-none-any.whl", hash = "sha256:575a8d6b124ef88f6f51d56d656132389f961062a9177016a50e4f507bbcc19f"},
|
||||
{file = "virtualenv-20.36.1.tar.gz", hash = "sha256:8befb5c81842c641f8ee658481e42641c68b5eab3521d8e092d18320902466ba"},
|
||||
]
|
||||
|
||||
[package.dependencies]
|
||||
distlib = ">=0.3.7,<1"
|
||||
filelock = ">=3.12.2,<4"
|
||||
filelock = {version = ">=3.20.1,<4", markers = "python_version >= \"3.10\""}
|
||||
platformdirs = ">=3.9.1,<5"
|
||||
typing-extensions = {version = ">=4.13.2", markers = "python_version < \"3.11\""}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[tool.poetry]
|
||||
name = "mirro"
|
||||
version = "0.6.0"
|
||||
version = "0.6.1"
|
||||
description = "A safe editing wrapper: edits a temp copy, compares, and saves original backup if changed."
|
||||
authors = ["Marco D'Aleo <marco@marcodaleo.com>"]
|
||||
license = "GPL-3.0-or-later"
|
||||
|
||||
Reference in New Issue
Block a user