chore(main): release 0.6.0 (#52) #24
lhoupertintegration-tests.yml
on: push
Matrix: integration-test
Validate results
8s
Annotations
37 errors, 68 warnings, and 9 notices
|
Test 14
Process completed with exit code 1.
|
|
Test 14
Process completed with exit code 1.
|
|
Test 14
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 12
Process completed with exit code 1.
|
|
Test 12
Process completed with exit code 1.
|
|
Test 12:
integration-tests/cases/12-uv-flat-bandit-only/app.py#L5
[B602] subprocess call with shell=True identified, security issue.
|
|
Test 12
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 13
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 02
Process completed with exit code 1.
|
|
Test 02
Process completed with exit code 1.
|
|
Test 02:
integration-tests/cases/02-requirements-src-bandit/src/app.py#L8
[B602] subprocess call with shell=True identified, security issue.
|
|
Test 02
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 03
Process completed with exit code 1.
|
|
Test 03
Process completed with exit code 1.
|
|
Test 03:
integration-tests/cases/03-requirements-multi-both/src/processor.py#L8
[B602] subprocess call with shell=True identified, security issue.
|
|
Test 03
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 10
Process completed with exit code 1.
|
|
Test 10
Process completed with exit code 1.
|
|
Test 10:
integration-tests/cases/10-pipenv-multi-bandit/src/handler.py#L8
[B602] subprocess call with shell=True identified, security issue.
|
|
Test 10:
integration-tests/cases/10-pipenv-multi-bandit/scripts/deploy.py#L8
[B602] subprocess call with shell=True identified, security issue.
|
|
Test 11
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 10
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 06
Process completed with exit code 1.
|
|
Test 06
Process completed with exit code 1.
|
|
Test 06:
integration-tests/cases/06-uv-multi-bandit/scripts/digest.py#L8
[B324] Use of weak MD5 hash for security. Consider usedforsecurity=False
|
|
Test 06
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 05
Process completed with exit code 1.
|
|
Test 05
Process completed with exit code 1.
|
|
Test 05
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 01
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 04
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 09
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 07
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 08
Process completed with exit code 1.
|
|
Test 08
Process completed with exit code 1.
|
|
Test 08:
integration-tests/cases/08-poetry-src-both/src/auth.py#L8
[B324] Use of weak MD5 hash for security. Consider usedforsecurity=False
|
|
Test 08
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 14
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 14
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 14
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 12
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 12
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 12
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 13
pip-audit: pygments@2.19.2 — CVE-2026-4539 (fix: no fix available)
|
|
Test 13
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 13
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 13
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 02
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 02
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 02
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 03
pip-audit: cryptography@38.0.0 — PYSEC-2023-254 (fix: 41.0.6)
|
|
Test 03
pip-audit: cryptography@38.0.0 — PYSEC-2023-11 (fix: 39.0.1)
|
|
Test 03
pip-audit: requests@2.25.0 — CVE-2026-25645 (fix: 2.33.0)
|
|
Test 03
pip-audit: requests@2.25.0 — CVE-2024-47081 (fix: 2.32.4)
|
|
Test 03
pip-audit: requests@2.25.0 — CVE-2024-35195 (fix: 2.32.0)
|
|
Test 03
pip-audit: requests@2.25.0 — PYSEC-2023-74 (fix: 2.31.0)
|
|
Test 03
pip-audit: requests@2.25.0 — PYSEC-2023-74 (fix: 2.31.0)
|
|
Test 03
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 03
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 03
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 10
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 11
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 11
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 11
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 10
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 10
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 06
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Test 06:
integration-tests/cases/06-uv-multi-bandit/src/parser.py#L8
[B506] Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load().
|
|
Test 06
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 06
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 06
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 05
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Test 05
pip-audit: requests@2.25.0 — CVE-2026-25645 (fix: 2.33.0)
|
|
Test 05
pip-audit: requests@2.25.0 — CVE-2024-47081 (fix: 2.32.4)
|
|
Test 05
pip-audit: requests@2.25.0 — CVE-2024-35195 (fix: 2.32.0)
|
|
Test 05
pip-audit: requests@2.25.0 — PYSEC-2023-74 (fix: 2.31.0)
|
|
Test 05
pip-audit: requests@2.25.0 — PYSEC-2023-74 (fix: 2.31.0)
|
|
Test 05
pip-audit: idna@2.10 — PYSEC-2024-60 (fix: 3.7)
|
|
Test 05
pip-audit: idna@2.10 — PYSEC-2024-60 (fix: 3.7)
|
|
Test 05
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 05
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 05
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 01
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 01
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 01
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 04
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Test 04
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 04
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 04
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 09
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 09
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 09
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 07
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 07
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 07
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 08
pip-audit: cryptography@38.0.0 — GHSA-39hc-v87j-747x (fix: 38.0.3)
|
|
Test 08
pip-audit: cryptography@38.0.0 — PYSEC-2023-11 (fix: 39.0.1)
|
|
Test 08
pip-audit: cryptography@38.0.0 — PYSEC-2024-225 (fix: 42.0.4)
|
|
Test 08
pip-audit: cryptography@38.0.0 — PYSEC-2024-225 (fix: 42.0.4)
|
|
Test 08
pip-audit: cryptography@38.0.0 — PYSEC-2023-254 (fix: 41.0.6)
|
|
Test 08
pip-audit: cryptography@38.0.0 — PYSEC-2023-254 (fix: 41.0.6)
|
|
Test 08
pip-audit: cryptography@38.0.0 — PYSEC-2023-11 (fix: 39.0.1)
|
|
Test 08
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 08
Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 08
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest
|
|
Test 14:
integration-tests/cases/14-uv-low-threshold/app.py#L4
[B101] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
|
|
Test 12:
integration-tests/cases/12-uv-flat-bandit-only/app.py#L2
[B404] Consider possible security implications associated with the subprocess module.
|
|
Test 02:
integration-tests/cases/02-requirements-src-bandit/src/app.py#L14
[B105] Possible hardcoded password: 'supersecret123'
|
|
Test 02:
integration-tests/cases/02-requirements-src-bandit/src/app.py#L2
[B404] Consider possible security implications associated with the subprocess module.
|
|
Test 03:
integration-tests/cases/03-requirements-multi-both/src/processor.py#L2
[B404] Consider possible security implications associated with the subprocess module.
|
|
Test 03:
integration-tests/cases/03-requirements-multi-both/scripts/run.py#L7
[B105] Possible hardcoded password: 'hardcoded_db_pass'
|
|
Test 10:
integration-tests/cases/10-pipenv-multi-bandit/src/handler.py#L2
[B404] Consider possible security implications associated with the subprocess module.
|
|
Test 10:
integration-tests/cases/10-pipenv-multi-bandit/scripts/deploy.py#L2
[B404] Consider possible security implications associated with the subprocess module.
|
|
Test 08:
integration-tests/cases/08-poetry-src-both/src/auth.py#L14
[B105] Possible hardcoded password: 'dev_secret_token_abc123'
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
security-audit-01
|
943 Bytes |
sha256:4fc80a15bec987e0aa093f74ed075b564cdf096930d7d27fbb140fd92a0e003b
|
|
|
security-audit-02
|
1.73 KB |
sha256:7606b9830f1ae23b16fcc8dff9af4ccbaffd411abf9e160dd6ec3214d610eac0
|
|
|
security-audit-03
|
9.88 KB |
sha256:cb1c14e4973fcbfc641ce085a4b2fe8ae0537335477f682db5bcd6e20c4498d8
|
|
|
security-audit-04
|
563 Bytes |
sha256:05ab270396da862f064ef6514c43dce9e7828030f28d8f4cdcc12624c377125a
|
|
|
security-audit-05
|
5.9 KB |
sha256:9a831064b7c6991bdfe72667e2fd471c4905fdcc66da55dbe3b1df54da865bf1
|
|
|
security-audit-06
|
1.16 KB |
sha256:d5feb0e077e0144de611082841e8ee089f9f621d84d14e5b22b48e991ff8b5ce
|
|
|
security-audit-07
|
922 Bytes |
sha256:2d335c62c1f9f2fca0f59675362678aaab040f8733fab89656febd3f43da38bd
|
|
|
security-audit-08
|
9.63 KB |
sha256:88947cea8ad0d8933dec1fbe841c9207e2e373633635f45624e10f0cdc5eb42b
|
|
|
security-audit-09
|
938 Bytes |
sha256:e1cdac622d83d438cc93b7b04127ca9f88fad2c5e7b535c0033ebb5dee360989
|
|
|
security-audit-10
|
1.54 KB |
sha256:0db4ce40ac9d854a88d5e9407e2460a66e01f6c1c1da722f78f475fde391ec52
|
|
|
security-audit-11
|
855 Bytes |
sha256:a49b6402553e4b4ef308700b8f1e6427ea051f9f94d006414b7a224d538317ac
|
|
|
security-audit-12
|
1.17 KB |
sha256:439b1de276bed92dd5cb465f51d7bd989ea799b947a5eea9d632aaa14abfdf99
|
|
|
security-audit-13
|
1.16 KB |
sha256:9819da68a3ba5eebd026d7bc3abccfc0209437f2cd41aa85ae4cbbc4384f46a5
|
|
|
security-audit-14
|
1018 Bytes |
sha256:9381cdccd280c8d0b2b6098bed78f3a92a1e6c199e93e15441cbc2e8650efbbc
|
|
|
test-outcome-01
|
146 Bytes |
sha256:d85fa159525d03d0e53dbfa49019b665a566a773a38658900cf31483f6fdb7c8
|
|
|
test-outcome-02
|
146 Bytes |
sha256:be70f6e6159008f923800d08a67b0770e3f3b3926becd478ee99c90b87b8a8ac
|
|
|
test-outcome-03
|
146 Bytes |
sha256:be70f6e6159008f923800d08a67b0770e3f3b3926becd478ee99c90b87b8a8ac
|
|
|
test-outcome-04
|
146 Bytes |
sha256:d85fa159525d03d0e53dbfa49019b665a566a773a38658900cf31483f6fdb7c8
|
|
|
test-outcome-05
|
146 Bytes |
sha256:25f92dc9c9e522c9de99144164df313fc9c4c916b79836175be0d702528427d5
|
|
|
test-outcome-06
|
146 Bytes |
sha256:25f92dc9c9e522c9de99144164df313fc9c4c916b79836175be0d702528427d5
|
|
|
test-outcome-07
|
146 Bytes |
sha256:58c7884471b34813b516b1bbba60abbd769745df45a1d2536cc1e28377aacec5
|
|
|
test-outcome-08
|
146 Bytes |
sha256:1733620bf4e016a388940a23dc64dc086b033ff55ace150b6948e0d7caff763b
|
|
|
test-outcome-09
|
146 Bytes |
sha256:a1fa5ae447b9d0fdcce8c12426feac84687d80db562f7f1415044554f001a00c
|
|
|
test-outcome-10
|
146 Bytes |
sha256:25f92dc9c9e522c9de99144164df313fc9c4c916b79836175be0d702528427d5
|
|
|
test-outcome-11
|
146 Bytes |
sha256:c3c9667b204939e923f1f207b7d7d89215b3f4e10a4fe873a4863977d31f88f6
|
|
|
test-outcome-12
|
146 Bytes |
sha256:974f63c8e649c36b00ff646eab2c4dc55f73dd8a2f81ddff70fac0f3bfbff859
|
|
|
test-outcome-13
|
146 Bytes |
sha256:6391e83d2afcb6f3b8a8dbd01b4fca3a9f5dc8c69e0ca756bf0180b20373b186
|
|
|
test-outcome-14
|
146 Bytes |
sha256:28dffe219896363883b70b6154bf7746ec99e9288769caa5e423e06edff51dfa
|
|