feat(security): add Snyk CI workflow and pinned Python requirements
Aegis CI / lint-and-test (push) Has been cancelled
Snyk Security Scan / Python vulnerabilities (backend) (push) Has been cancelled
Snyk Security Scan / npm vulnerabilities (frontend) (push) Has been cancelled
Snyk Security Scan / Docker image vulnerabilities (backend) (push) Has been cancelled
- .github/workflows/snyk.yml: scans backend (Python), frontend (npm) and backend Docker image on every push/PR and on a weekly schedule. Uses continue-on-error during the initial cleanup phase. Requires SNYK_TOKEN secret in GitHub repo settings.
- backend/requirements-lock.txt: exact pip freeze from production container for accurate Snyk CVE scanning (no version ambiguity).

To enable: add SNYK_TOKEN to GitHub repo secrets (get token from app.snyk.io -> Account Settings -> API Token).
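The workflow the commit message describes, written out as an added example; this is not the repository's own `.github/workflows/snyk.yml` (which is not shown on this page) but a reconstruction from the message and the three status-check names above. Action versions, the Python and Node versions, the `main` branch name, the cron time, the `aegis-backend:ci` image tag, the `frontend/package-lock.json` path and the `--severity-threshold=high` setting are assumptions.

```yaml
# Added example, not the project's own workflow. Job names follow the three
# status checks on this commit page; everything marked "assumed" is a guess.
name: Snyk Security Scan

on:
  push:
    branches: [main]          # assumed branch name
  pull_request:
  schedule:
    - cron: "0 6 * * 1"       # weekly, Monday 06:00 UTC (assumed time)

permissions:
  contents: read              # the scans only need to read the checkout

env:
  # Set under repo Settings -> Secrets -> Actions. With the token missing,
  # every `snyk` command exits 2 (error), not 1 (findings).
  SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

jobs:
  python-backend:
    name: Python vulnerabilities (backend)
    runs-on: ubuntu-latest
    continue-on-error: true   # initial cleanup phase only; remove once the baseline is clean
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"   # assumed; keep in step with the backend image
      # Snyk's pip plugin builds the dependency tree from the installed
      # environment, so the pinned set is installed first. --no-deps makes
      # pip refuse to pull in anything the lock does not list.
      - name: Install pinned backend dependencies
        run: pip install --no-deps -r backend/requirements-lock.txt
      - name: Install Snyk CLI
        run: npm install -g snyk
      - name: Scan backend lock file
        run: snyk test --file=backend/requirements-lock.txt --package-manager=pip --severity-threshold=high

  npm-frontend:
    name: npm vulnerabilities (frontend)
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"       # assumed
      - name: Install frontend dependencies from the lockfile
        run: npm ci
        working-directory: frontend
      - name: Install Snyk CLI
        run: npm install -g snyk
      - name: Scan frontend lockfile
        run: snyk test --file=frontend/package-lock.json --severity-threshold=high

  docker-backend:
    name: Docker image vulnerabilities (backend)
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - name: Build the backend image exactly as it will ship
        run: docker build -t aegis-backend:ci backend   # assumed tag and context
      - name: Install Snyk CLI
        run: npm install -g snyk
      # Passing the Dockerfile lets Snyk attribute OS-package findings to the
      # base image line and suggest an alternative base.
      - name: Scan the built image
        run: snyk container test aegis-backend:ci --file=backend/Dockerfile --severity-threshold=high
```

`snyk test` exits 0 with no findings, 1 with findings and 2 on errors such as a missing token, so with `continue-on-error: true` the check is green in every case and the run log is the only signal; once the baseline is clean, delete that line so a new high-severity finding blocks the merge. The Python job installs from the lock only because Snyk needs an installed environment to resolve the tree; nothing in that job verifies package integrity, which a `pip freeze` file without `--hash=` pins cannot provide.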
@@ -0,0 +1,83 @@
# Auto-generated from pip freeze on 2026-06-12
# Exact versions installed in production — used by Snyk for accurate CVE scanning.
# Regenerate with: docker compose exec backend pip freeze > backend/requirements-lock.txt
alembic==1.18.4
annotated-types==0.7.0
anyio==4.13.0
APScheduler==3.11.2
atlassian-python-api==4.0.7
bcrypt==4.0.1
beautifulsoup4==4.15.0
boto3==1.43.27
botocore==1.43.27
brotli==1.2.0
certifi==2026.5.20
cffi==2.0.0
charset-normalizer==3.4.7
click==8.4.1
cssselect2==0.9.0
defusedxml==0.7.1
Deprecated==1.3.1
docxtpl==0.20.2
fastapi==0.136.3
fonttools==4.63.0
greenlet==3.5.1
h11==0.16.0
httpcore==1.0.9
httptools==0.8.0
httpx==0.28.1
idna==3.18
isodate==0.7.2
Jinja2==3.1.6
jmespath==1.1.0
limits==5.8.0
lxml==6.1.1
Mako==1.3.12
MarkupSafe==3.0.3
oauthlib==3.3.1
packaging==26.2
passlib==1.7.4
pillow==12.2.0
psycopg2-binary==2.9.12
pycparser==3.0
pydantic==2.13.4
pydantic-settings==2.14.1
pydantic_core==2.46.4
pydyf==0.12.1
PyJWT==2.13.0
pyphen==0.17.2
python-dateutil==2.9.0.post0
python-docx==1.2.0
python-dotenv==1.2.2
python-multipart==0.0.32
python3-saml==1.16.0
pytz==2026.2
PyYAML==6.0.3
redis==8.0.0
requests==2.34.2
requests-oauthlib==2.0.0
s3transfer==0.18.0
six==1.17.0
slowapi==0.1.9
sortedcontainers==2.4.0
soupsieve==2.8.4
SQLAlchemy==2.0.50
starlette==1.3.0
taxii2-client==2.3.0
tempo-api-python-client==0.12.0
tinycss2==1.5.1
tinyhtml5==2.1.0
toml==0.10.2
typing-inspection==0.4.2
typing_extensions==4.15.0
tzlocal==5.3.1
urllib3==2.7.0
uvicorn==0.49.0
uvloop==0.22.1
watchfiles==1.2.0
weasyprint==69.0
webencodings==0.5.1
websockets==16.0
wrapt==2.2.1
xmlsec==1.3.17
zopfli==0.4.3
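Review bot: the lock file is a snapshot, not an input to the build, so the "exact versions installed in production" claim in the header will silently stop being true. As far as this diff shows, nothing installs from `requirements-lock.txt`; if the backend image keeps building from an unpinned requirements file, the next rebuild can resolve different versions and Snyk will be scanning a file that no longer matches what is running. Suggest making the lock the source of truth in the Dockerfile (`pip install --no-deps -r requirements-lock.txt`) and generating it with `pip-compile --generate-hashes` rather than `pip freeze`, so that `pip install --require-hashes` also verifies the artifact; a bare `==` pin fixes the version but not the bytes. Two smaller points on the header comments: `docker compose exec backend pip freeze` captures whatever is in that container at the moment, including packages installed by hand for debugging, and it targets the compose stack on the machine running the command, which is only "production" if that stack is the production deployment; run it against a freshly built image instead. The `2026-06-12` date on the first line will also need to be updated by hand on every regeneration, or dropped in favour of the commit history.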