Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions .github/workflows/security.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: Security Scanning

on:
pull_request:
branches: [main, dev]
push:
branches: [main, dev]
schedule:
- cron: "0 0 * * 0" # Weekly on Sundays at midnight UTC

jobs:
dependency-scan:
name: Dependency Vulnerability Scan
permissions:
contents: read
security-events: write
actions: read
uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.3.1
with:
scan-args: |-
--lockfile=requirements.txt:./uv.lock
fail-on-vuln: false # Don't fail the build, just report findings

code-scan:
name: Code Security Scan
runs-on: ubuntu-latest

permissions:
contents: read
security-events: write # For uploading SARIF results

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Install uv
uses: astral-sh/setup-uv@v3

- name: Set up Python
run: uv python install 3.11

- name: Run Bandit security scan
run: |
uv tool install bandit[sarif]
uv tool run bandit -r src/ -f sarif -o bandit.sarif
continue-on-error: true # Don't fail the build, just report findings

- name: Upload Bandit results to GitHub Security
uses: github/codeql-action/upload-sarif@v3
if: always() # Upload even if scan found issues
with:
sarif_file: bandit.sarif
category: code-security
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ A modern Python client library for accessing Geological Survey of Sweden (SGU) g
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![codecov](https://codecov.io/gh/officialankan/sgu-client/branch/main/graph/badge.svg)](https://codecov.io/gh/officialankan/sgu-client)
[![Code style: ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
[![security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)
[![Security Scanning](https://github.com/officialankan/sgu-client/actions/workflows/security.yml/badge.svg)](https://github.com/officialankan/sgu-client/actions/workflows/security.yml)

> This package is not affiliated with or endorsed by SGU.

Expand Down
2 changes: 1 addition & 1 deletion docs/source/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
project = "sgu-client"
copyright = f"{datetime.now().year}, Anders Retzner"
author = "Anders Retzner"
release = "0.4.2"
release = "0.4.3"

# -- General configuration ---------------------------------------------------
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
Expand Down
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[project]
name = "sgu-client"
version = "0.4.2"
version = "0.4.3"
description = "A modern Python client library for accessing Geological Survey of Sweden groundwater data APIs with type safety and pandas integration"
readme = "README.md"
authors = [{ name = "Anders Retzner", email = "anders.retzner@gmail.com" }]
Expand Down
2 changes: 1 addition & 1 deletion src/sgu_client/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
)
from .sgu_client import SGUClient

__version__ = "0.4.2"
__version__ = "0.4.3"
__all__ = [
"SGUAPIError",
"SGUClient",
Expand Down
2 changes: 1 addition & 1 deletion uv.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading