Security Scanning

Merge pull request #74 from OpenSPP/improve/spp-simulation #247

Sign in to view logs

Triggered via push March 6, 2026 06:54

jeremi

19.0

Status Success

Total duration 8m 56s

Artifacts –

security.yml

on: push

Secret Detection (Gitleaks)

Dependency Scan

Static Analysis (Semgrep)

Container Scan (Trivy)

Annotations

7 warnings

Secret Detection (Gitleaks)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Dependency Scan

pip-audit found vulnerabilities (see output above)

Dependency Scan

Fiona/GDAL excluded (require native GDAL/libgdal-dev build dependencies)

Dependency Scan

git+https://github.com/OCA/openupgradelib.git@master

Dependency Scan

Skipping VCS/URL dependencies (cannot be audited):

Static Analysis (Semgrep)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Container Scan (Trivy)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/