[CI] Add pre-commit hook pip-audit
#2573
Draft
+6
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://github.com/pypa/pip-audit "Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them" https://github.com/pypa/pip-audit?tab=readme-ov-file#pre-commit-support Also used on the Apache Trusted Tooling Release repo: https://github.com/apache/tooling-trusted-releases/blob/23b3bc5adce730835e0b7d218e14d7e90db13e0e/.pre-commit-config.yaml#L100
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://github.com/pypa/pip-audit
"Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them"
https://github.com/pypa/pip-audit?tab=readme-ov-file#pre-commit-support
Also used on the Apache Trusted Tooling Release repo:
https://github.com/apache/tooling-trusted-releases/blob/23b3bc5adce730835e0b7d218e14d7e90db13e0e/.pre-commit-config.yaml#L100
Did you read the Contributor Guide?
Is this PR related to a ticket?
[CI] my subjectWhat changes were proposed in this PR?
As described above added another check / test to our pre-commit framework.
In the examples it says it works with
pyproject.tomlfiles:https://github.com/pypa/pip-audit?tab=readme-ov-file#examples
How was this patch tested?
With pre-commit
Did this PR include necessary documentation updates?