Security Scanning

Merge pull request #43 from OpenSPP/feat/statistics-system #162

Sign in to view logs

Triggered via push February 20, 2026 09:36

emjay0921

19.0

Status Success

Total duration 7m 43s

Artifacts –

security.yml

on: push

Secret Detection (Gitleaks)

Dependency Scan

Static Analysis (Semgrep)

Container Scan (Trivy)

Annotations

7 warnings

Secret Detection (Gitleaks)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Dependency Scan

pip-audit found vulnerabilities (see output above)

Dependency Scan

Fiona/GDAL excluded (require native GDAL/libgdal-dev build dependencies)

Dependency Scan

git+https://github.com/OCA/openupgradelib.git@master

Dependency Scan

Skipping VCS/URL dependencies (cannot be audited):

Static Analysis (Semgrep)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Container Scan (Trivy)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/