MITLibraries / dspace-submission-service
97%
main: 98%

Repo Added 31 Aug 2021 04:35PM UTC

Files 7

Badge

Embed ▾

LAST BUILD ON BRANCH IN-1253-pip-audit
branch: IN-1253-pip-audit

CHANGE BRANCH
x

Reset

IN-1253-pip-audit

IN-1059-maintenance-08-2024

IN-1452-maintenance

adr-for-full-automation-support

deployment-workflows

downgrade_moto

etd-398-submit-to-dspace

etd-400-sqs-read-write

etd-426-result-message-spec

etd-436-smoke-tests

etd-443-add-sentry

etd-444-input-message-checks

etd-445-confirm-result-message

etd-458-498-update-specs

etd-464-add-dspace-timeout-to-config

etd-495-improve-dspace-error-messages

etd424-run-model

etd435-sqs-input-spec

fixup_adrs

jmc-test

legacy

main

makefile-update

makefile-update-build

makefile-update-prod

makefile-update2

quick-test

refactor_sqs

sample_result_messages

uv

v1.0.0

v1.0.1

v1.2.0

v1.2.1

Committed 07 May 2025 07:51PM UTC coverage: 97.167% (-0.09%) from 97.253%

Build # 14892038845

Build Type

push

github

Committed by

ehanson8

Commit Message

Replace pipenv check with pip-audit

Why these changes are being introduced:

As of pipenv 2025.0.1 the use of `pipenv check` would throw
an error, indicating that the library `safety` was not installed.
It worked to run `pipenv check --auto-install` which would
temporarily install `safety`, but this was not ideal for multiple
reasons.

First, we anticipate potentially moving away from `pipenv`.

Second, it appears that `safety` is moving to a pay / subscription
model.

Third, it remains a little obfuscated what `pipenv check` is actually
doing.

As this new situation affects all builds in Github Actions CI,
we need a way to scan for vulnerabilities that ideally is not
a massive overhaul of our vulnerability scanning approach.

How this addresses that need:

`pip-audit` is a nice standalone, open-source library that
performs very similar work to `safety`.

This commit replaces `pipenv check` (which was `safety` under
the hood) with `pip-audit`.

Side effects of this change:
* Builds will be successful in Github Actions

Relevant ticket(s):
* https://mitlibraries.atlassian.net/browse/IN-1253

Run Details

343 of 353 relevant lines covered (97.17%)

0.97 hits per line

Relevant lines Covered

353 RELEVANT LINES 343 COVERED LINES

0.97 HITS PER LINE

Source Files on IN-1253-pip-audit

Recent builds

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
14892038845	IN-1253-pip-audit	Replace pipenv check with pip-audit Why these changes are being introduced: As of pipenv 2025.0.1 the use of `pipenv check` would throw an error, indicating that the library `safety` was not installed. It worked to run `pipenv check --auto-insta...	push	07 May 2025 07:52PM UTC	ehanson8	github	97.17

See All Builds (88)

MITLibraries / dspace-submission-service
97%
main: 98%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH
x

Relevant lines Covered

Source Files on IN-1253-pip-audit

Recent builds

MITLibraries / dspace-submission-service 97% main: 98%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

CHANGE BRANCH x

Relevant lines Covered

Source Files on IN-1253-pip-audit

Recent builds

MITLibraries / dspace-submission-service
97%
main: 98%

README BADGES
x

CHANGE BRANCH
x