Vulnerability actions
=====================

Vulnerability actions verify that any safety advisories detected in a Python
library are properly identified and reported, both on the library itself and
third-party libraries (that is, dependencies).

.. _pyansys_check_vulnerabilities:

Check vulnerabilities action
----------------------------

.. note::

    Users can try out the ``ansys/check-vulnerabilities`` action on their local
    repository by doing the following:

    #. Download the ``check_vulnerabilities.py`` script and the
       ``requirements.txt`` file from the
       `ansys/check-vulnerabilities action folder `_.
    #. Move the downloaded files to the root of the repository.
    #. Create a virtual environment by running ``python -m venv .venv``.
    #. Activate the virtual environment.
    #. Install the required dependencies by running
       ``pip install -r requirements.txt``.
    #. Install your repository with the command ``pip install -e .``.
    #. Define the following environment variables:

       - ``DEPENDENCY_CHECK_TOKEN``: A GitHub token with the necessary
         permissions to access security advisories on the repository you are
         interested in.
       - ``DEPENDENCY_CHECK_PACKAGE_NAME``: The Python package name of your
         repository. This is the name of the package that you would use in a
         ``pip install`` command.
       - ``DEPENDENCY_CHECK_REPOSITORY``: The full name of the repository you
         are interested in. This is the name of the repository in the format
         ``/``.

    #. Run the script by running
       ``python check_vulnerabilities.py --run-local``.

.. warning::

    The ``ansys/check-vulnerabilities`` action needs to be performed on a
    public repository. If the repository is private, the action will fail due
    to denied access.

.. jinja:: check-vulnerabilities

    {{ description }}

    {{ inputs_table }}

    Examples
    ++++++++

    {% for filename, title in examples %}
    .. dropdown:: {{ title }}
        :animate: fade-in

        .. literalinclude:: examples/{{ filename }}
            :language: yaml

    {% endfor %}
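A preflight for the local-run steps in the note above, as an added example that is not part of the ``ansys/check-vulnerabilities`` action or its script. The function name ``preflight_check_vulnerabilities`` is hypothetical, and the check that a full repository name has exactly one ``/`` with text on both sides is an assumption based on GitHub's owner/name form.

```shell
#!/bin/sh
# Added example: preflight for `python check_vulnerabilities.py --run-local`.
# Problems are reported by name on stderr; the token value is never printed
# or copied into another variable.

preflight_check_vulnerabilities() {
    repo_root="${1:-.}"
    problems=0
    bad_repo=0

    # Both downloaded files must sit in the repository root.
    for f in check_vulnerabilities.py requirements.txt; do
        if [ ! -f "$repo_root/$f" ]; then
            echo "missing file: $repo_root/$f" >&2
            problems=$((problems + 1))
        fi
    done

    # The activate script of a venv exports VIRTUAL_ENV.
    if [ -z "${VIRTUAL_ENV:-}" ]; then
        echo "no virtual environment is active" >&2
        problems=$((problems + 1))
    fi

    # All three variables must be set and non-empty.
    for name in DEPENDENCY_CHECK_TOKEN DEPENDENCY_CHECK_PACKAGE_NAME \
                DEPENDENCY_CHECK_REPOSITORY; do
        if ! eval "[ -n \"\${$name:-}\" ]"; then
            echo "unset or empty: $name" >&2
            problems=$((problems + 1))
        fi
    done

    # Assumption: a full repository name has exactly one "/" with text on
    # both sides (GitHub's owner/name form).
    case "${DEPENDENCY_CHECK_REPOSITORY:-}" in
        "")          ;;              # already reported above
        */*/*|/*|*/) bad_repo=1 ;;
        */*)         ;;
        *)           bad_repo=1 ;;
    esac
    if [ "$bad_repo" -eq 1 ]; then
        echo "DEPENDENCY_CHECK_REPOSITORY is not a full repository name" >&2
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Chain it in front of the final step, for example ``preflight_check_vulnerabilities . && python check_vulnerabilities.py --run-local``, so the script only starts when every prerequisite is in place.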