MITLibraries / archivesspace-top-containers
100%
initial-app: 100%

Repo Added 27 Apr 2023 07:56PM UTC

Files 3

Badge

Embed ▾

LAST BUILD ON BRANCH IN-1245-pip-audit
branch: IN-1245-pip-audit

CHANGE BRANCH
x

Reset

IN-1245-pip-audit

INFRA-502

dependabot/pip/bandit-1.7.6

dependabot/pip/black-23.10.1

dependabot/pip/black-23.11.0

dependabot/pip/black-23.12.0

dependabot/pip/black-23.12.1

dependabot/pip/certifi-2023.7.22

dependabot/pip/click-8.1.4

dependabot/pip/click-8.1.5

dependabot/pip/click-8.1.6

dependabot/pip/gitpython-3.1.32

dependabot/pip/gitpython-3.1.41

dependabot/pip/mypy-1.3.0

dependabot/pip/mypy-1.4.1

dependabot/pip/mypy-1.7.0

dependabot/pip/mypy-1.7.1

dependabot/pip/mypy-1.8.0

dependabot/pip/pytest-7.3.2

dependabot/pip/pytest-7.4.0

dependabot/pip/pytest-7.4.3

dependabot/pip/pytest-7.4.4

dependabot/pip/requests-2.31.0

dependabot/pip/requests-mock-1.11.0

initial-app

main

maintenance-updates-12-2024

maintenance-week-updates

more-readme-updates

readme-update

readme-updates

readme-usage-update

Committed 05 May 2025 08:37PM UTC coverage: 100.0%. Remained the same

Build # 14845760999

Build Type

push

github

Committed by

ehanson8

Commit Message

Replace pipenv check with pip-audit

Why these changes are being introduced:

As of pipenv 2025.0.1 the use of `pipenv check` would throw
an error, indicating that the library `safety` was not installed.
It worked to run `pipenv check --auto-install` which would
temporarily install `safety`, but this was not ideal for multiple
reasons.

First, we anticipate potentially moving away from `pipenv`.

Second, it appears that `safety` is moving to a pay / subscription
model.

Third, it remains a little obfuscated what `pipenv check` is actually
doing.

As this new situation affects all builds in Github Actions CI,
we need a way to scan for vulnerabilities that ideally is not
a massive overhaul of our vulnerability scanning approach.

How this addresses that need:

`pip-audit` is a nice standalone, open-source library that
performs very similar work to `safety`.

This commit replaces `pipenv check` (which was `safety` under
the hood) with `pip-audit`.

Side effects of this change:
* Builds will be successful in Github Actions

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1245

Run Details

73 of 73 relevant lines covered (100.0%)

1.0 hits per line

Relevant lines Covered

73 RELEVANT LINES 73 COVERED LINES

1.0 HITS PER LINE

Source Files on IN-1245-pip-audit

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
14845760999	IN-1245-pip-audit	Replace pipenv check with pip-audit Why these changes are being introduced: As of pipenv 2025.0.1 the use of `pipenv check` would throw an error, indicating that the library `safety` was not installed. It worked to run `pipenv check --auto-insta...	push	05 May 2025 08:38PM UTC	ehanson8	github	100.0

See All Builds (52)

MITLibraries / archivesspace-top-containers
100%
initial-app: 100%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on IN-1245-pip-audit

Recent builds

MITLibraries / archivesspace-top-containers 100% initial-app: 100%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on IN-1245-pip-audit

Recent builds

MITLibraries / archivesspace-top-containers
100%
initial-app: 100%

README BADGES
x

CHANGE BRANCH
x