Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

README: prep 1.0.6 #34

Merged
merged 1 commit into from
Feb 16, 2023
Merged

README: prep 1.0.6 #34

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 21 additions & 21 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v3
- name: install
run: python -m pip install .
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
```

Or, with a virtual environment:
Expand All @@ -48,7 +48,7 @@ jobs:
python -m venv env/
source env/bin/activate
python -m pip install .
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
virtual-environment: env/
```
Expand All @@ -72,15 +72,15 @@ The `inputs` setting controls what sources `pip-audit` runs on.
To audit one or more requirements-style inputs:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
inputs: requirements.txt dev-requirements.txt
```

To audit a project that uses `pyproject.toml` for its dependencies:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
# NOTE: this can be `.`, for the current directory
inputs: path/to/project/
Expand Down Expand Up @@ -108,7 +108,7 @@ Example: use the virtual environment specified at `env/`, relative to the
current directory:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
virtual-environment: env/
# Note the absence of `input:`, since we're auditing the environment.
Expand All @@ -128,7 +128,7 @@ installed directly into the current environment are included.
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
local: true
```
Expand All @@ -145,7 +145,7 @@ It's directly equivalent to `pip-audit --vulnerability-service=...`.
To audit with OSV instead of PyPI:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
vulnerability-service: osv
```
Expand All @@ -160,7 +160,7 @@ It's directly equivalent to `pip-audit --require-hashes ...`.
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
Expand All @@ -177,7 +177,7 @@ It's directly equivalent to `pip-audit --no-deps ...`.
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
# NOTE: only works with requirements-style inputs
inputs: requirements.txt
Expand All @@ -195,7 +195,7 @@ is rendered at the end of the action.
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
summary: false
```
Expand All @@ -214,7 +214,7 @@ indices to search (such as a corporate index with private packages), see
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
index-url: https://example.corporate.local/simple
```
Expand All @@ -229,7 +229,7 @@ indexes to search when resolving dependencies. Each URL is whitespace-separated.
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
extra-index-urls: |
https://example.corporate.local/simple
Expand All @@ -246,7 +246,7 @@ ignore (i.e., exclude from the results) if present. Each ID is whitespace-separa
Example

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
ignore-vulns: |
GHSA-XXXX-YYYYYY
Expand Down Expand Up @@ -276,7 +276,7 @@ Example
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
internal-be-careful-allow-failure: true
```
Expand All @@ -295,7 +295,7 @@ Example
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
internal-be-careful-debug: true
```
Expand All @@ -309,7 +309,7 @@ to `pip-audit`.
Example:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
internal-be-careful-extra-flags: --not-a-real-pip-audit-flag
```
Expand All @@ -326,7 +326,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
`require-hashes: true`:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
inputs: requirements.txt
require-hashes: true
Expand All @@ -335,7 +335,7 @@ If you're auditing a requirements file, consider setting `no-deps: true` or
or:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
inputs: requirements.txt
no-deps: true
Expand All @@ -356,7 +356,7 @@ by the host system itself, or other Python projects that happen to be installed.
To minimize external dependencies, you can opt into a virtual environment:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
# must be populated earlier in the CI
virtual-environment: env/
Expand All @@ -366,7 +366,7 @@ and, more aggressively, specify that only dependencies marked as "local"
in the virtual environment should be included:

```yaml
- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
# must be populated earlier in the CI
virtual-environment: env/
Expand Down Expand Up @@ -396,7 +396,7 @@ jobs:
run: |
pipx run pipfile-requirements Pipfile.lock > requirements.txt

- uses: pypa/[email protected].5
- uses: pypa/[email protected].6
with:
inputs: requirements.txt
```
Expand Down