Skip to content
Snippets Groups Projects
Commit 1f008f17 authored by Kenneth Reitz's avatar Kenneth Reitz
Browse files

security vulnerabilities check


Signed-off-by: default avatarKenneth Reitz <me@kennethreitz.org>
parent a03a2ca4
No related branches found
No related tags found
No related merge requests found
...@@ -31,7 +31,7 @@ BUILD_DIR=$1 ...@@ -31,7 +31,7 @@ BUILD_DIR=$1
CACHE_DIR=$2 CACHE_DIR=$2
ENV_DIR=$3 ENV_DIR=$3
export BUILD_DIR CACHE_DIR ENV_DIR export BUILD_DIR CACHE_DIR ENV_DIR ROOT_DIR
# Python defaults # Python defaults
DEFAULT_PYTHON_VERSION="python-3.6.4" DEFAULT_PYTHON_VERSION="python-3.6.4"
...@@ -215,6 +215,10 @@ if [[ ! "$BUILD_DIR" == "/app" ]]; then ...@@ -215,6 +215,10 @@ if [[ ! "$BUILD_DIR" == "/app" ]]; then
deep-cp /app/.heroku/src "$BUILD_DIR/.heroku/src" deep-cp /app/.heroku/src "$BUILD_DIR/.heroku/src"
fi fi
# Check package safety.
let start=$(nowms)
sub_env "$BIN_DIR/steps/safety"
mtime "safety.time" "${start}"
# Django collectstatic support. # Django collectstatic support.
let start=$(nowms) let start=$(nowms)
......
# shellcheck source=bin/utils
source $BIN_DIR/utils
set +e
$tmpfile = $(mktemp)
/app/.heroku/python/bin/python $ROOT_DIR/vendor/safety.zip 2>&1 > $tmpfile
if [[ $? != 0 ]]; then
puts-warn "KNOWN SECURITY VULNERABILITIES FOUND IN DEPENDENCIES!"
cat $tmpfile | indent
fi
rm -fr $tmpfile
set -e
\ No newline at end of file
File added
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment