
Added "uv audit" in precommit and pipelines

Bhaskar Battula requested to merge uv-audit into develop

Summary

This MR adds uv audit checks to both CI pipelines and pre-commit hooks to improve dependency security validation across the development workflow.

Changes Included

  • Added uv audit execution in CI/CD pipelines
  • Added uv audit to pre-commit configuration
  • Ensures dependency vulnerability checks run:
    • Locally before commits
    • Automatically during pipeline execution
  • Standardized security validation across developer and CI environments

Why

This helps catch known vulnerable dependencies earlier in the development lifecycle and prevents insecure packages from being merged into the codebase.

Benefits

  • Earlier feedback for developers
  • Consistent security checks across environments
  • Reduced risk from vulnerable dependencies
  • Lightweight and fast auditing using uv

Validation

  • Verified pre-commit hook execution locally
  • Verified pipeline audit stage passes successfully
  • Confirmed no blocking vulnerabilities in current dependencies

Notes

Developers may need to install or update pre-commit hooks:

pre-commit install
