15005882356
93%

Ran 13 May 2025 08:17PM UTC

Jobs 1

Files 6

Run time 1min

Badge

Embed ▾

Committed 13 May 2025 08:16PM UTC coverage: 92.754% (-0.2%) from 92.978%

Build # 15005882356

Build Type

push

github

Committed by

web-flow

Commit Message

Replace pipenv check with pip-audit (#161)

Why these changes are being introduced:

As of pipenv 2025.0.1 the use of `pipenv check` would throw
an error, indicating that the library `safety` was not installed.
It worked to run `pipenv check --auto-install` which would
temporarily install `safety`, but this was not ideal for multiple
reasons.

First, we anticipate potentially moving away from `pipenv`.

Second, it appears that `safety` is moving to a pay / subscription
model.

Third, it remains a little obfuscated what `pipenv check` is actually
doing.

As this new situation affects all builds in Github Actions CI,
we need a way to scan for vulnerabilities that ideally is not
a massive overhaul of our vulnerability scanning approach.

How this addresses that need:

`pip-audit` is a nice standalone, open-source library that
performs very similar work to `safety`.

This commit replaces `pipenv check` (which was `safety` under
the hood) with `pip-audit`.

Side effects of this change:
* Builds will be successful in Github Actions

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1256

Run Details

320 of 345 relevant lines covered (92.75%)

0.93 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	15005882356.1	13 May 2025 08:17PM UTC	6	92.75	GitHub Action Run

MITLibraries / carbon / 15005882356
93%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 15005882356

MITLibraries / carbon / 15005882356 93%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 15005882356

MITLibraries / carbon / 15005882356
93%

README BADGES
x