From d38f4a74f75d77a7c66d5fa26b04bf730ce3ebf6 Mon Sep 17 00:00:00 2001 From: Luke Hinds Date: Sun, 29 Jun 2025 23:04:18 +0100 Subject: [PATCH 1/2] Add Bandit security linter to CI Closes: #251 --- .github/workflows/security.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/security.yml diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 000000000..b3841db6d --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,19 @@ +name: Bandit + +on: + workflow_dispatch: + +jobs: + analyze: + runs-on: ubuntu-latest + permissions: + security-events: write + actions: read + contents: read + steps: + - name: Perform Bandit Analysis + uses: PyCQA/bandit-action@8a1b30610f61f3f792fe7556e888c9d7dffa52de # v1.0.0 + with: + severity: medium + confidence: medium + targets: "src/a2a" From 6554d307c59eb12b9f769591cd0eac28d95ca0f1 Mon Sep 17 00:00:00 2001 From: Holt Skinner Date: Mon, 30 Jun 2025 09:40:21 -0500 Subject: [PATCH 2/2] Rename to security.yaml and add version --- .github/workflows/{security.yml => security.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{security.yml => security.yaml} (79%) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yaml similarity index 79% rename from .github/workflows/security.yml rename to .github/workflows/security.yaml index b3841db6d..309cf08b5 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yaml @@ -12,7 +12,7 @@ jobs: contents: read steps: - name: Perform Bandit Analysis - uses: PyCQA/bandit-action@8a1b30610f61f3f792fe7556e888c9d7dffa52de # v1.0.0 + uses: PyCQA/bandit-action@v1 with: severity: medium confidence: medium