run vulnerability scan

Azure · Nov 21, 2024 · 9c01d26 · 9c01d26
1 parent 70907ba
commit 9c01d26
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/eng/templates/jobs/build.yml b/eng/templates/jobs/build.yml
@@ -21,4 +21,8 @@ jobs:
           python -m pip install .
         displayName: 'Build python worker'
         # Skip the build stage for SDK and Extensions release branches. This stage will fail because pyproject.toml contains the updated (and unreleased) library version
-        condition: and(eq(variables.isSdkRelease, false), eq(variables.isExtensionsRelease, false), eq(variables['USETESTPYTHONSDK'], false), eq(variables['USETESTPYTHONEXTENSIONS'], false))
+        condition: and(eq(variables.isSdkRelease, false), eq(variables.isExtensionsRelease, false), eq(variables['USETESTPYTHONSDK'], false), eq(variables['USETESTPYTHONEXTENSIONS'], false))
+      - bash: |
+          pip install pip-audit
+          pip-audit -r requirements.txt
+        displayName: 'Run vulnerability scan'
diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml
@@ -12,6 +12,10 @@ steps:
   inputs:
     disableAutoCwd: true
     scriptPath: 'pack/scripts/mac_arm64_deps.sh'
+- bash: |
+    pip install pip-audit
+    pip-audit -r requirements.txt
+  displayName: 'Run vulnerability scan'
 - task: CopyFiles@2
   inputs:
     contents: |

diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml
@@ -12,6 +12,10 @@ steps:
   inputs:
     disableAutoCwd: true
     scriptPath: 'pack/scripts/nix_deps.sh'
+- bash: |
+    pip install pip-audit
+    pip-audit -r requirements.txt
+  displayName: 'Run vulnerability scan'
 - task: CopyFiles@2
   inputs:
     contents: |

diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml
@@ -12,6 +12,10 @@ steps:
 - task: PowerShell@2
   inputs:
     filePath: 'pack\scripts\win_deps.ps1'
+- bash: |
+    pip install pip-audit
+    pip-audit -r requirements.txt
+  displayName: 'Run vulnerability scan'
 - task: CopyFiles@2
   inputs:
     contents: |