Bandit #471
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Bandit | |
| # Set default permissions for all jobs in the workflow | |
| permissions: | |
| contents: read | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the "main" branch | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| # Schedule the workflow to trigger at a specified time each day using a CRON expression | |
| schedule: | |
| # ┌───────────── minute (0 - 59) | |
| # │ ┌───────────── hour (0 - 23) | |
| # │ │ ┌───────────── day of the month (1 - 31) | |
| # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) | |
| # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) | |
| # │ │ │ │ │ | |
| - cron: '45 7 * * 0' # Runs at 07:45am UTC every Sunday | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| analyze: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for all workflows | |
| security-events: write | |
| # only required for workflows in private repositories | |
| actions: read | |
| contents: read | |
| steps: | |
| - name: Perform Bandit Analysis | |
| uses: PyCQA/bandit-action@8a1b30610f61f3f792fe7556e888c9d7dffa52de #v1.0.0 |