[AZ-243] Record security audit

Co-authored-by: Cursor <cursoragent@cursor.com>
Oleksandr Bezdieniezhnykh
2026-05-07 03:40:36 +03:00
parent a8e7199f30
commit ee6606a9c2
6 changed files with 262 additions and 2 deletions
@@ -0,0 +1,34 @@
# Dependency Vulnerability Scan
**Date**: 2026-05-07
**Tool**: `pip-audit 2.10.0`
**Manifest**: `pyproject.toml`
**Result**: PASS
## Scope
The scan covered the Python dependencies declared in `pyproject.toml`, including the `dev` optional dependency group:
- `pydantic==2.13.3`
- `black>=24.0`
- `pytest>=8.0`
- `ruff>=0.5`
## Findings
No known vulnerabilities were reported.
## Audit Output Summary
`pip-audit` resolved and checked the project dependency set and returned:
```text
No known vulnerabilities found
```
Resolved packages with no advisories included `pydantic`, `pydantic-core`, `black`, `pytest`, and `ruff`.
## Notes
- `pip-audit` and its own transitive packages were installed as an audit tool in the local Python environment.
- The repository does not currently include a locked production dependency file, so the audit used the version constraints from `pyproject.toml`.
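Review bot: The PASS result cannot be tied to specific package versions, because the "Scope" list has open ranges (`black>=24.0`, `pytest>=8.0`, `ruff>=0.5`), the "Notes" section says there is no lock file, and "Audit Output Summary" names the resolved packages without the versions that were actually checked. Record the resolved version of each package, including `pydantic-core` and any other transitive packages, together with the exact `pip-audit` command line that was run, so a later reader can tell what "No known vulnerabilities found" covers. The wording "Resolved packages with no advisories included" also reads as a partial list; either give the full resolved set or state that the five names are complete. In "Scope", consider stating that the result applies to the dependency set as resolved on 2026-05-07, since a fresh install from the same constraints may resolve to different versions.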