Security Pipeline GitHub

.github/workflows/security.yml

@@ -0,0 +1,44 @@
+name: Security Checks
+
+on: [push, pull_request]
+
+jobs:
+  gitleaks:
+    name: Gitleaks
+    runs-on: ubuntu-latest
+    container:
+      image: zricethezav/gitleaks:latest
+      options: --entrypoint ""
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Mark repository as safe
+      run: git config --global --add safe.directory $GITHUB_WORKSPACE
+    - name: Run Gitleaks
+      run: gitleaks git . --verbose --redact
+      # Uncomment the line below and comment out the above line to switch scan mode
+      # run: gitleaks dir . --verbose --redact
+
+  pip-audit:
+    name: Pip Audit
+    runs-on: ubuntu-latest
+    container: python:latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Install pip-audit
+      run: pip install pip-audit
+    - name: Run pip-audit
+      run: pip-audit -r samples/requirements.txt
+
+  bandit:
+    name: Bandit
+    runs-on: ubuntu-latest
+    container: python:latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+    - name: Install Bandit
+      run: pip install bandit
+    - name: Run Bandit
+      run: bandit -x .venv -r .

README.md

@@ -1,16 +1,19 @@
 # Pipelines for Securing your Python Development Lifecycle
 
-See it on [GitHub](https://github.com/iokiwi/python-security-pipelines) | [GitLab](https://gitlab.com/iokiwi/python-security-pipelines)
+See it on [[GitHub](https://github.com/iokiwi/python-security-pipelines) | [GitLab](https://gitlab.com/iokiwi/python-security-pipelines)]
 
 Reference Repository from my Talk of the same title: [Pipelines for Securing your Python Development Lifecycle](https://docs.google.com/presentation/d/1hAYnZCIoPdgXLpZZsllKrhdKLscPrzpcAvUV5jrD8R4/edit?usp=sharing
 )
 
-Important files/directories
+### Important files/directories
 
- * [samples](samples/) - Contains samples of things that will cause the pipelines to fail
- * [.gitlab-ci.yml](.gitlab-ci.yml) - Source code for the security pipelines
- * Pipeline results: [GitLab](https://gitlab.com/iokiwi/python-security-pipelines/-/pipelines) | GitHub [TODO]
- * .github/workflows/security.yml [TODO]
+|||
+|---|---|
+[samples](samples/) | Contains samples of things that will cause the pipelines to fail
+[.gitlab-ci.yml](.gitlab-ci.yml) | GitLab CI Config
+[.github/workflows/security.yml](.github/workflows/security.yml) | GitHub CI Config
+Pipeline results | [[GitLab](https://gitlab.com/iokiwi/python-security-pipelines/-/pipelines) \| [GitHub](https://github.com/iokiwi/python-security-pipelines/actions/)]
+|||
 
 Please feel free to fork this repo and try it yourself. 
 
@@ -37,5 +40,4 @@ More reading and examples: [YAML Deserialization Attack in Python](https://net-s
 
 ## TODOs and Possible Enrichments
 
- * Translate it to Github actions as well
  * Share some other usefull scripts for CI