[build-system]
# Hatchling produces both the sdist and the wheel; the
# [tool.hatch.build.targets.*] tables further down select their contents.
build-backend = "hatchling.build"
requires = ["hatchling>=1.27"]
[project]
name = "bos-code-scanning-kit"
version = "1.0.0"
description = "Local CLI for the BOS Code Scanning Kit — auto-detect ecosystems, run scanners, audit posture, merge SARIF for GHAS."
readme = "README.md"
# PEP 621 file-reference form. NOTE(review): the backend pinned in
# [build-system] (hatchling>=1.27) should also accept the PEP 639 SPDX form
# (`license = "Apache-2.0"`), which would make the License classifier below
# redundant — confirm against the hatchling release notes before switching.
license = { file = "LICENSE" }
authors = [{ name = "Blackout Secure" }]
# Minimum interpreter. Keep in step with the Python classifiers below and with
# `target-version` in [tool.ruff].
requires-python = ">=3.10"
keywords = ["github", "actions", "security", "sarif", "code-scanning", "ghas", "posture", "secrets", "supply-chain"]
classifiers = [
  "Development Status :: 4 - Beta",
  "Intended Audience :: Developers",
  "Intended Audience :: System Administrators",
  "License :: OSI Approved :: Apache Software License",
  "Programming Language :: Python :: 3",
  "Programming Language :: Python :: 3.10",
  "Programming Language :: Python :: 3.11",
  "Programming Language :: Python :: 3.12",
  "Topic :: Security",
  "Topic :: Software Development :: Quality Assurance",
]
# Runtime footprint is deliberately small: only the YAML parser. HTTP goes
# through the standard library (see the S310 entry in [tool.ruff.lint]).
dependencies = ["PyYAML>=6.0"]
[project.optional-dependencies]
# `pip install -e ".[dev]"` pulls in the test runner and the linter; nothing
# listed here is needed at runtime.
dev = ["pytest>=8.0", "ruff>=0.6"]
[project.scripts]
# Console entry point installed with the wheel. The test suite only reaches it
# when the package is installed (see [tool.pytest.ini_options]).
bos-scan = "scan_kit.cli:main"
[project.urls]
# Labels that PyPI recognises and renders on the project page.
Source = "https://github.com/blackoutsecure/bos-code-scanning-kit"
Issues = "https://github.com/blackoutsecure/bos-code-scanning-kit/issues"
Homepage = "https://github.com/blackoutsecure/bos-code-scanning-kit"
[tool.pytest.ini_options]
testpaths = ["test"]
# `src` is put on sys.path so the suite runs from a plain checkout without
# `pip install -e .`. CI installs the package editable anyway, so the
# `bos-scan` console script is exercised end-to-end as well.
pythonpath = ["src"]
# -ra: print a short summary of every non-passing outcome.
addopts = "-ra"
[tool.ruff]
# Matches `requires-python` in [project]; ruff would infer the same value from it.
target-version = "py310"
line-length = 100
# Local virtualenvs are never lint targets.
extend-exclude = [".venv", "venv"]
[tool.ruff.lint]
# pycodestyle (E, W), pyflakes, isort, bugbear, pyupgrade, bandit (S), simplify.
select = ["E", "F", "W", "I", "B", "UP", "S", "SIM"]
# Every entry below disables a rule for the whole package, so newly added call
# sites are never flagged either. For the S-rules a `# noqa: S6xx` on the
# individual call is the narrower option and keeps the rule live elsewhere.
ignore = [
  # Line length is enforced by `line-length`; long URLs in docs are fine.
  "E501",
  # `assert` is normal in pytest.
  "S101",
  # Hardcoded-password check: field names like `require_secret_scanning` trip
  # it on severity literals ("warn", "skip"). A genuine hardcoded credential is
  # consequently not reported by ruff either.
  "S105",
  # We deliberately call api.github.com via urllib.request — no third-party
  # HTTP client by design. The URL-scheme audit this rule performs is therefore
  # left to the call site.
  "S310",
  # `subprocess` calls are intentional — we shell out to scanners.
  "S603",
  # Scanner binaries are looked up on PATH by design.
  "S607",
]
[tool.ruff.lint.per-file-ignores]
# Tests may use asserts, fixed paths and subprocess freely, and bugbear is
# relaxed there too. Code under `src/` keeps the full rule set.
"test/**" = ["S", "B"]
[tool.ruff.lint.isort]
# Import sorting treats the package itself as first-party even when the suite
# runs from `src/` without an install.
known-first-party = ["scan_kit"]
[tool.hatch.build.targets.wheel]
# src layout: only the package directory goes into the wheel, so `test/` and
# repository metadata never ship to end users.
packages = ["src/scan_kit"]
[tool.hatch.build.targets.sdist]
# The sdist is the auditable source artefact: package, tests and the licence
# texts (LICENSE plus the Apache-2.0 NOTICE file) travel together.
include = [
  "pyproject.toml",
  "README.md",
  "LICENSE",
  "NOTICE",
  "src/scan_kit",
  "test",
]