Open ajax146 opened 1 year ago
pip-audit looks for vulnerabilities in pip packages. Overall, it would keep the project more secure.

https://github.com/pypa/pip-audit#github-actions
https://github.com/marketplace/actions/gh-action-pip-audit

Will need to do these two commands:

    pipfile2req Pipfile.lock -d > requirements.txt
    pip-audit -r requirements.txt

Could also do it this way: https://github.com/pypa/gh-action-pip-audit#running-against-a-pipenv-project
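
The two commands above wired into a GitHub Actions job, as an added example that is not part of the original issue or of the pip-audit project. The workflow file name, triggers, Python version and action version tags are assumptions to adjust and pin for the repository.

```yaml
# Added example: assumed location .github/workflows/pip-audit.yml
name: pip-audit

on:
  push:
  pull_request:
  schedule:
    # Weekly run so newly published advisories are caught
    # even when the lock file has not changed (assumed schedule).
    - cron: "0 6 * * 1"

permissions:
  contents: read  # the job only reads the repository

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      # Same conversion command as in the issue: pip-audit is given a
      # requirements file generated from Pipfile.lock.
      - name: Export Pipfile.lock to requirements.txt
        run: |
          python -m pip install pipfile-requirements
          pipfile2req Pipfile.lock -d > requirements.txt
      # Equivalent of `pip-audit -r requirements.txt`; the step fails
      # the job when a known-vulnerable pinned version is found.
      - name: Audit pinned dependencies
        uses: pypa/gh-action-pip-audit@v1.0.8
        with:
          inputs: requirements.txt
```

Pinning the action to a full commit SHA instead of a tag keeps the audit step itself from changing underneath the project.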