Commit
[fbsync] Added CodeQL and Bandit security checks as GitHub Actions (#3625)

Summary:
* Added CodeQL and Bandit security checks as GitHub Actions
* Nit fix on defusedxml.ElementTree
* Remove defusedxml as hard requirement
* Changed defusedxml/xml importing
* Fix compilation
* Removed Bandit specific changes

Reviewed By: NicolasHug
Differential Revision: D27706940
fbshipit-source-id: c6a9d46d814aabd38e2b2d609d495427c5f2d591
Co-authored-by: Nikita Shulga <nikita.shulga@gmail.com>
Co-authored-by: Nicolas Hug <nicolashug@fb.com>
Co-authored-by: Francisco Massa <fvsmassa@gmail.com>
1 parent ed386ab, commit b79d710
Showing 2 changed files with 66 additions and 0 deletions.
@@ -0,0 +1,23 @@ | ||
# GitHub Actions Bandit Workflow | ||
|
||
name: Bandit | ||
|
||
on: | ||
pull_request: | ||
branches: [ master ] | ||
|
||
workflow_dispatch: | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
# Task will fail if any high-severity issues are found | ||
# Ignoring submodules | ||
- name: Run Bandit Security Analysis | ||
run: | | ||
python -m pip install bandit | ||
python -m bandit -r . -x ./third_party -lll |
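Review bot: `python -m pip install bandit` installs whichever Bandit release is current, so a new Bandit version can add or change checks and start failing PRs against `master` without any change in this repository; pin it (`python -m pip install bandit==<version>`, with the version chosen when the workflow is merged) and bump it deliberately. Two smaller points: the `# Ignoring submodules` comment only holds for `./third_party`, since `-x` excludes by path and any other submodule checkout would still be scanned, so either word it as a path exclusion or list every submodule path; and `-lll` restricts the run to high-severity findings, so medium-severity results are silently dropped, which is worth stating in the comment so nobody reads a green job as covering them. The same pinning argument applies to `actions/checkout@v2`, a mutable tag that could be pinned to a commit SHA.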
@@ -0,0 +1,43 @@ | ||
# GitHub Actions CodeQL Workflow | ||
|
||
name: CodeQL | ||
|
||
on: | ||
pull_request: | ||
branches: [ master ] | ||
|
||
workflow_dispatch: | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v1 | ||
with: | ||
languages: python, cpp | ||
|
||
- name: Install Ninja | ||
run: | | ||
sudo apt-get update -y | ||
sudo apt-get install -y ninja-build | ||
- name: Update submodules | ||
run: git submodule update --init --recursive | ||
|
||
- name: Install Torch | ||
run: | | ||
python -m pip install cmake | ||
python -m pip install torch==1.8.1+cpu -f https://download.pytorch.org/whl/torch_stable.html | ||
sudo ln -s /usr/bin/ninja /usr/bin/ninja-build | ||
- name: Build TorchVision | ||
run: python setup.py develop --user | ||
|
||
# If any code scanning alerts are found, they will be under Security -> CodeQL | ||
# Link: https://github.com/pytorch/vision/security/code-scanning | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v1 |
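Review bot: the `sudo ln -s /usr/bin/ninja /usr/bin/ninja-build` line sits in the `Install Torch` step rather than `Install Ninja`, and because `ln -s` is used without `-f` the step aborts if `/usr/bin/ninja-build` already exists on the runner image, failing the whole scan before anything is built. Move it into the Ninja step and use `ln -sf`, or drop it if the build only needs `ninja` on `PATH`. Also, the separate `Update submodules` step can be folded into the checkout with `with: submodules: recursive`, and since `init` runs before the build and `analyze` after it, the `cpp` analysis traces `python setup.py develop --user`, so any submodule sources compiled during that build end up in the CodeQL database as well; confirm that is intended, or the alert list will include code this repository does not own.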