From aa52aded9f8bde89f1ab08fcc9a16e3d0c09362c Mon Sep 17 00:00:00 2001
From: Catalin Ghimici <152162343+catalinsymphony@users.noreply.github.com>
Date: Tue, 2 Sep 2025 14:52:26 +0300
Subject: [PATCH] Update cve scan command

---
 .github/workflows/cve-scanning-python.yml | 2 +-
 .safety-policy.yml | 12 ------------
 2 files changed, 1 insertion(+), 13 deletions(-)
 delete mode 100644 .safety-policy.yml

diff --git a/.github/workflows/cve-scanning-python.yml b/.github/workflows/cve-scanning-python.yml
index 7acf0626..ee0c81c9 100644
--- a/.github/workflows/cve-scanning-python.yml
+++ b/.github/workflows/cve-scanning-python.yml
@@ -32,6 +32,6 @@ jobs:
 run: |
 poetry install
 - name: Scan CVEs
- run: poetry export --without-hashes -f requirements.txt | safety check --full-report --stdin
+ run: poetry export --without-hashes -f requirements.txt | safety scan
 # Without poetry, use this command instead
 # run: safety check -r requirements.txt --full-report --policy-file safety-policy.yml
\ No newline at end of file
diff --git a/.safety-policy.yml b/.safety-policy.yml
deleted file mode 100644
index 0153bafe..00000000
--- a/.safety-policy.yml
+++ /dev/null
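Review bot: The fallback comment kept on the new side, `# run: safety check -r requirements.txt --full-report --policy-file safety-policy.yml`, still describes the `check` subcommand and the policy file that this same commit deletes, so the non-poetry instruction no longer matches the step above it; it should be rewritten for the `scan` subcommand or removed rather than left pointing at a file that no longer exists. Deleting .safety-policy.yml also drops the recorded ignore of 70612 together with its reason, and the new `safety scan` line passes no policy file, so either that finding will resurface and fail the step or the suppression has been moved out of the repository — the commit message should say which so the next reader does not re-add it blindly. As far as I can tell `safety scan` in Safety 3 discovers dependency files in the working tree itself and does not take piped input the way `check --stdin` did, and it expects the runner to be authenticated, so the piped `poetry export` output may be ignored and the step may need a key in the job environment; confirm against a real run before merging. The step list this hunk belongs to continues outside the hunk.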
@@ -1,12 +0,0 @@
-# Safety Security and License Configuration file
-security: # configuration for the `safety check` command
- ignore-cvss-severity-below: 0 # A severity number between 0 and 10. Some helpful reference points: 9=ignore all vulnerabilities except CRITICAL severity. 7=ignore all vulnerabilities except CRITICAL
- ignore-cvss-unknown-severity: False # True or False. We recommend you set this to False.
- ignore-vulnerabilities: # Here you can list multiple specific vulnerabilities you want to ignore (optionally for a time period)
- # We recommend making use of the optional `reason` and `expires` keys for each vulnerability that you ignore.
- #25853: # Example vulnerability ID
- # reason: we do not use the vulnerable function # optional, for internal note purposes to communicate with your team. This reason will be reported in the Safety reports
- # expires: '2022-10-21' # datetime string - date this ignore will expire, best practice to use this variable
- 70612:
- reason: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.
- continue-on-vulnerability-error: False # Suppress non-zero exit codes when vulnerabilities are found. Enable this in pipelines and CI/CD processes if you want to pass builds that have vulnerabilities