Add a pre-commit hook to run `pip-audit` - Githubissues

cisagov / skeleton-generic

A generic skeleton project for quickly getting a new cisagov project started.

Creative Commons Zero v1.0 Universal

14 stars 12 forks source link

Add a pre-commit hook to run `pip-audit` #179

Closed mcdonnnj closed 2 months ago

mcdonnnj commented 7 months ago

🗣 Description

This pull request adds a repository and hook with an appropriate configuration to run the pip-audit command on all three pip in the repository.

💭 Motivation and context

The pip-audit tool will help ensure that any requirements defined in our three main pip do not contain packages with known security vulnerabilities.

🧪 Testing

Automated tests pass.

✅ Pre-approval checklist

[x] This PR has an informative and human-readable title.
[x] Changes are limited to a single goal - eschew scope creep!
[x] All relevant type-of-change labels have been added.
[x] I have read the CONTRIBUTING document.
[x] These code changes follow cisagov code standards.
[x] All new and existing tests pass.