1
83%
main: 83%

Ran 19 May 2026 08:46AM UTC

Files 87

Run time 3s

Badge

Embed ▾

Committed 19 May 2026 08:45AM UTC coverage: 82.976%. Remained the same

Job # 26086418631.1

Build Type

push

github

Committed by

web-flow

Commit Message

feat(ci): Replace Trivy CVE scanning with uv audit + OSV-Scanner (#495)

Replaces the Trivy-based workflows removed in #427 with two new tools:

- validate-lockfile.yaml: PR check using uv audit to diff-compare
  vulnerabilities between PR and base branch. Non-blocking (informational
  comments only). Note: uv audit is experimental; if its text output
  format changes, the fallback is switching to osv-scanner JSON output
  (both query the same OSV.dev database).

- osv-scanner.yaml: Nightly scan using OSV-Scanner CLI (v2.3.8) with
  SARIF upload to the GitHub Security tab and auto-fix PRs. Integrates
  with existing .github/scripts/ utilities (update_overrides.py,
  compare_versions.py, extract_version.py) and the cleanup-overrides
  workflow for the full fix lifecycle.

- osv-scanner.toml: Minimal config for suppressing false positives.

Closes #478

Signed-off-by: Fiona-Waters <fiwaters6@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Coverage Stats

4952 of 5968 relevant lines covered (82.98%)

0.83 hits per line

kubeflow / sdk / 26086418631 / 1
83%
main: 83%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job python-3.10 - 26086418631.1

kubeflow / sdk / 26086418631 / 1 83% main: 83%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job python-3.10 - 26086418631.1

kubeflow / sdk / 26086418631 / 1
83%
main: 83%

README BADGES
x