From 1a1883b392393f1dd5b1d2f112656a9bc232a2f7 Mon Sep 17 00:00:00 2001
From: DavitMamrikishvili
Date: Fri, 20 Dec 2024 12:51:08 +0400
Subject: [PATCH 1/3] Fix vulnerability check scanning packages not used by the project

---
 .github/workflows/python-scan.yml | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/python-scan.yml b/.github/workflows/python-scan.yml
index b46486c..0823c22 100644
--- a/.github/workflows/python-scan.yml
+++ b/.github/workflows/python-scan.yml
@@ -40,11 +40,8 @@ jobs:
 version: ${{ inputs.poetry-version }}
 virtualenvs-create: false
 
- - name: Install modules
- run: |
- pip install virtualenv
- python -m venv venv
- source venv/bin/activate
+ - name: Store packages in a file
+ run: pip freeze > before.txt
 
 - name: Generate requirements.txt from Poetry
 if: steps.check-poetry-file.outputs.files_exists == 'true'
@@ -53,9 +50,15 @@ jobs:
 - name: Install requirements
 run: pip install -r requirements.txt
 
- - name: Store requirements in other file
- run: pip freeze --local > file_to_check.txt
-
+ - name: Store updated list of packages in another file
+ run: pip freeze > after.txt
+
+ - name: Get only the project dependencies
+ run: diff before.txt after.txt | grep '^>' | sed 's/^> //' > diff.txt
+
+ - name: Output the list of packages to be checked
+ run: cat diff.txt
+
 - name: Download safety-policy
 run: |
 wget -q -O .safety-policy.yaml https://raw.githubusercontent.com/th2-net/.github/main/vulnerability-compliance/python-safety-check/.safety-policy.yaml
@@ -64,4 +67,4 @@ jobs:
 run: pip install --upgrade pip && pip install safety
 
 - name: Run Vulnerability check
- run: safety check -r file_to_check.txt ${{ inputs.safety-args }} --policy-file .safety-policy.yaml
+ run: safety check -r diff.txt ${{ inputs.safety-args }} --policy-file .safety-policy.yaml
From 52414c0e5d401a873ba327081bc138964494b3f7 Mon Sep 17 00:00:00 2001
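Review bot: The `diff before.txt after.txt | grep '^>'` step in the second hunk only lists packages whose `pip freeze` line changed, so a project dependency that was already present in the runner environment at the same version before `pip install -r requirements.txt` (the isolating venv step is removed in the first hunk) is silently left out of diff.txt and never reaches `safety check`. Under the default `bash -e {0}` shell only `sed`'s exit status counts, but if this job sets `shell: bash` the added `-o pipefail` makes the step fail whenever `diff` reports differences (exit 1) or `grep` finds no new packages — worth confirming against the job's `defaults`, which are outside the hunk. A more robust selection is to scan what the project declares rather than what happened to be newly installed, e.g. `run: safety check -r requirements.txt ${{ inputs.safety-args }} --policy-file .safety-policy.yaml` if requirements.txt carries pinned versions, or to filter after.txt by the package names listed in requirements.txt. Either way, add a comment on the diff step, `# Only packages newly installed from requirements.txt are scanned; already-present ones are skipped`, so the gap is visible to the next reader. The steps list continues outside all three hunks.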
From: DavitMamrikishvili
Date: Fri, 20 Dec 2024 13:00:47 +0400
Subject: [PATCH 2/3] Change branch to vulnerability-scan-fix for testing purposes

---
 .github/workflows/compound-python.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/compound-python.yml b/.github/workflows/compound-python.yml
index 19db61e..e3dab80 100644
--- a/.github/workflows/compound-python.yml
+++ b/.github/workflows/compound-python.yml
@@ -134,7 +134,7 @@ jobs:
 
 vulnerability-scan:
 if: inputs.scanner-enabled
- uses: th2-net/.github/.github/workflows/python-scan.yml@main
+ uses: th2-net/.github/.github/workflows/python-scan.yml@vulnerability-scan-fix # TODO: change this to main before merging
 with:
 safety-args: ${{ inputs.scan-safety-args }}
 
From 917e6066d4a085220e0422f3cb2909cfdcef1497 Mon Sep 17 00:00:00 2001
From: DavitMamrikishvili
Date: Fri, 20 Dec 2024 16:06:53 +0400
Subject: [PATCH 3/3] Return branch name to main

---
 .github/workflows/compound-python.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/compound-python.yml b/.github/workflows/compound-python.yml
index e3dab80..19db61e 100644
--- a/.github/workflows/compound-python.yml
+++ b/.github/workflows/compound-python.yml
@@ -134,7 +134,7 @@ jobs:
 
 vulnerability-scan:
 if: inputs.scanner-enabled
- uses: th2-net/.github/.github/workflows/python-scan.yml@vulnerability-scan-fix # TODO: change this to main before merging
+ uses: th2-net/.github/.github/workflows/python-scan.yml@main
 with:
 safety-args: ${{ inputs.scan-safety-args }}
 