Commit 3ded8f2

semgrep scan fix (#451)
* test suppressing
* mypy fix
* update geti-ci sha commit
* linter
* lint
* upgrade lock file
1 parent 45533cb commit 3ded8f2

4 files changed

Lines changed: 302 additions & 301 deletions

.github/workflows/security-scan.yml

Lines changed: 4 additions & 4 deletions
@@ -24,7 +24,7 @@ jobs:
2424
with:
2525
persist-credentials: false
2626
- name: Run Zizmor scan
27-
uses: open-edge-platform/geti-ci/actions/zizmor@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
27+
uses: open-edge-platform/geti-ci/actions/zizmor@66652424b4ec87ff529dce5ae4a03f339e58a84b
2828
with:
2929
scan-scope: "all"
3030
severity-level: "LOW"
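Review bot: the new `uses:` pin at line 27 is a bare commit SHA with no trailing comment naming the geti-ci tag or release it corresponds to, so a reader of the workflow cannot tell which version of the zizmor action now runs or whether a later bump moves forward or backward. Consider appending a comment with the release name to the `uses:` line. The same point applies to the other geti-ci steps in this commit, which are all moved to the same SHA.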
@@ -42,7 +42,7 @@ jobs:
4242
with:
4343
persist-credentials: false
4444
- name: Run Bandit scan
45-
uses: open-edge-platform/geti-ci/actions/bandit@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
45+
uses: open-edge-platform/geti-ci/actions/bandit@66652424b4ec87ff529dce5ae4a03f339e58a84b
4646
with:
4747
scan-scope: "all"
4848
severity-level: "LOW"
@@ -62,7 +62,7 @@ jobs:
6262
persist-credentials: false
6363
- name: Run Trivy scan
6464
id: trivy
65-
uses: open-edge-platform/geti-ci/actions/trivy@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
65+
uses: open-edge-platform/geti-ci/actions/trivy@66652424b4ec87ff529dce5ae4a03f339e58a84b
6666
with:
6767
scan_type: "fs"
6868
scan-scope: all
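Review bot: the `with:` block under the bumped Trivy pin at line 65 mixes input naming styles, `scan_type` with an underscore at line 67 next to `scan-scope` with a hyphen at line 68, and `all` is unquoted here while the other steps quote it. Since the action is now resolved at a different SHA, please confirm both keys match the inputs declared in that revision's `action.yml`; an input name the action does not declare is not passed through as intended, and the scan would then run with its defaults.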
@@ -84,7 +84,7 @@ jobs:
8484
persist-credentials: false
8585
- name: Run Semgrep scan
8686
id: semgrep
87-
uses: open-edge-platform/geti-ci/actions/semgrep@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
87+
uses: open-edge-platform/geti-ci/actions/semgrep@66652424b4ec87ff529dce5ae4a03f339e58a84b
8888
with:
8989
scan-scope: "all"
9090
severity: "LOW"

.github/workflows/test_precommit.yml

Lines changed: 3 additions & 3 deletions
@@ -52,7 +52,7 @@ jobs:
5252
with:
5353
persist-credentials: false
5454
- name: Run Zizmor scan
55-
uses: open-edge-platform/geti-ci/actions/zizmor@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
55+
uses: open-edge-platform/geti-ci/actions/zizmor@66652424b4ec87ff529dce5ae4a03f339e58a84b
5656
with:
5757
scan-scope: "changed"
5858
severity-level: "LOW"
@@ -68,7 +68,7 @@ jobs:
6868
with:
6969
persist-credentials: false
7070
- name: Run Bandit scan
71-
uses: open-edge-platform/geti-ci/actions/bandit@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
71+
uses: open-edge-platform/geti-ci/actions/bandit@66652424b4ec87ff529dce5ae4a03f339e58a84b
7272
with:
7373
scan-scope: "changed"
7474
severity-level: "LOW"
@@ -87,7 +87,7 @@ jobs:
8787
persist-credentials: false
8888
fetch-depth: 0
8989
- name: Run Semgrep scan
90-
uses: open-edge-platform/geti-ci/actions/semgrep@829f7148f9f70bd4ffbb367f7374d78c32aef2a2
90+
uses: open-edge-platform/geti-ci/actions/semgrep@66652424b4ec87ff529dce5ae4a03f339e58a84b
9191
with:
9292
scan-scope: "changed"
9393
severity: "LOW"

tools/model_converter/model_converter.py

Lines changed: 1 addition & 1 deletion
@@ -102,7 +102,7 @@ def download_weights(
102102
self.logger.info(f"Saving to: {cached_file}")
103103

104104
try:
105-
urllib.request.urlretrieve( # noqa: S310 # nosemgrep: python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected
105+
urllib.request.urlretrieve( # noqa: S310 # nosemgrep: python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected
106106
url,
107107
cached_file,
108108
)
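Review bot: the `urlretrieve(` call at line 105 silences both the S310 lint and the Semgrep dynamic-urllib rule with no note on why `url` is safe to fetch, and nothing in the visible context restricts its scheme. `urllib.request.urlretrieve` also accepts `file:` URLs, which is what both rules are warning about, so consider checking that `url` uses `https` before the call in `download_weights`, or adding a short comment stating where `url` comes from and why it is trusted, so the suppression is reviewable. As rendered here the removed and added lines read the same, so the change looks to be spacing only.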