Skip to content

Henderalex/Work_Flow_Test

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github/workflows
.github/workflows
 
 
screenshots
screenshots
 
 
vulnerable-app
vulnerable-app
 
 
README.md
README.md
 
 

Repository files navigation

Security Scan Demo

End-to-end demo that runs Safety on intentionally vulnerable dependencies, converts the JSON output to SARIF, and uploads to GitHub Code Scanning.

What this repo contains

  • Workflow: .github/workflows/security-scan.yml runs Safety, calls the SARIF converter action, and uploads SARIF with github/codeql-action/upload-sarif@v3 (requires security-events: write).
  • Vulnerable sample: vulnerable-app/ with outdated dependencies and insecure code paths to generate findings.
  • Evidence: screenshots/ placeholder for workflow run, alerts list, and alert detail captures.

Local smoke test

python -m pip install safety
cd vulnerable-app
safety scan --file requirements.txt --output json --continue-on-error > ../safety-output.json
cd ..
python ../safety-sarif-action/converter.py --input safety-output.json --output safety.sarif --manifest vulnerable-app/requirements.txt

Inspect safety.sarif then upload with the workflow or upload-sarif action.

About

Action to Test Safety

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Python 100.0%