From 9c01d26c9a5488a7fe8e9b35e30a7382eca36b06 Mon Sep 17 00:00:00 2001
From: Victoria Hall
Date: Thu, 21 Nov 2024 11:44:40 -0600
Subject: [PATCH] run vulnerability scan
---
 eng/templates/jobs/build.yml | 6 +++++-
 pack/templates/macos_64_env_gen.yml | 4 ++++
 pack/templates/nix_env_gen.yml | 4 ++++
 pack/templates/win_env_gen.yml | 4 ++++
 4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/eng/templates/jobs/build.yml b/eng/templates/jobs/build.yml
index 3b0500df..dd422f4f 100644
--- a/eng/templates/jobs/build.yml
+++ b/eng/templates/jobs/build.yml
@@ -21,4 +21,8 @@ jobs:
 python -m pip install .
 displayName: 'Build python worker'
 # Skip the build stage for SDK and Extensions release branches. This stage will fail because pyproject.toml contains the updated (and unreleased) library version
- condition: and(eq(variables.isSdkRelease, false), eq(variables.isExtensionsRelease, false), eq(variables['USETESTPYTHONSDK'], false), eq(variables['USETESTPYTHONEXTENSIONS'], false))
\ No newline at end of file
+ condition: and(eq(variables.isSdkRelease, false), eq(variables.isExtensionsRelease, false), eq(variables['USETESTPYTHONSDK'], false), eq(variables['USETESTPYTHONEXTENSIONS'], false))
+ - bash: |
+ pip install pip-audit
+ pip-audit -r requirements.txt
+ displayName: 'Run vulnerability scan'
\ No newline at end of file
diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml
index 8fb49f73..87fb2d20 100644
--- a/pack/templates/macos_64_env_gen.yml
+++ b/pack/templates/macos_64_env_gen.yml
@@ -12,6 +12,10 @@ steps:
 inputs:
 disableAutoCwd: true
 scriptPath: 'pack/scripts/mac_arm64_deps.sh'
+- bash: |
+ pip install pip-audit
+ pip-audit -r requirements.txt
+ displayName: 'Run vulnerability scan'
 - task: CopyFiles@2
 inputs:
 contents: |
diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml
index 7c2b6870..9ef378d8 100644
--- a/pack/templates/nix_env_gen.yml
+++ b/pack/templates/nix_env_gen.yml
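Review bot: `pip-audit -r requirements.txt` in the new step of eng/templates/jobs/build.yml audits a requirements file, while the build step just above installs from the project with `python -m pip install .` and its comment points at pyproject.toml; nothing in this patch shows that requirements.txt exists in the step's working directory or lists the same dependencies. If the dependencies are declared in pyproject.toml, auditing the project (`pip-audit .`) or the environment the build step just populated (`pip-audit` with no arguments) would cover what is actually built. Separately, `pip install pip-audit` pulls whatever release is current at run time, so the scanner is an unpinned dependency of the pipeline; pin it, e.g. `python -m pip install "pip-audit==<PINNED_VERSION>"`. Both points apply equally to the steps added in the macos_64, nix and win env_gen templates. The new step also carries no `condition:`, so unlike the build step it will run on the SDK and Extensions release branches; the job definition starts outside the hunk, so confirm that is intended.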
@@ -12,6 +12,10 @@ steps:
 inputs:
 disableAutoCwd: true
 scriptPath: 'pack/scripts/nix_deps.sh'
+- bash: |
+ pip install pip-audit
+ pip-audit -r requirements.txt
+ displayName: 'Run vulnerability scan'
 - task: CopyFiles@2
 inputs:
 contents: |
diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml
index 0ae4f70e..e07d8410 100644
--- a/pack/templates/win_env_gen.yml
+++ b/pack/templates/win_env_gen.yml
@@ -12,6 +12,10 @@ steps:
 - task: PowerShell@2
 inputs:
 filePath: 'pack\scripts\win_deps.ps1'
+- bash: |
+ pip install pip-audit
+ pip-audit -r requirements.txt
+ displayName: 'Run vulnerability scan'
 - task: CopyFiles@2
 inputs:
 contents: |
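Review bot: In pack/templates/win_env_gen.yml the scan is a `bash:` step placed directly after a `PowerShell@2` task, so on the Windows agent `pip` and `pip-audit` are resolved from bash's PATH and may not belong to the interpreter that `pack\scripts\win_deps.ps1` used. Calling the tool through the interpreter makes the target explicit: `python -m pip install "pip-audit==<PINNED_VERSION>"` followed by `python -m pip_audit -r requirements.txt`, ideally in a `powershell:` step to match the neighbouring task. It would also help to add a comment above the step stating which dependency set the scan is meant to cover, since it audits a file rather than what the deps script installed. The `steps:` list begins outside the hunk.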