
Check/uv audit-gitlab ci

mondyagu abhilash requested to merge check/uv-audit into feature-final

Description

This merge request introduces a security audit step using uv audit in the GitLab CI pipeline to automatically detect known vulnerabilities in project dependencies.

The CI job scans all installed Python packages and reports any known security issues based on public vulnerability databases.

Key Changes

- Added the uv audit command to the GitLab CI pipeline.
- The pipeline now performs dependency vulnerability scanning during CI runs.
- Ensures early detection of security issues in Python packages.

Benefits

- Improves project security and dependency management.
- Detects known vulnerabilities automatically during CI execution.
- Helps maintain a secure and reliable codebase.

Current Audit Result

During testing, the audit detected vulnerabilities in:

- pygments (ReDoS vulnerability)
- requests (fixed in version 2.33.0)

These results confirm that the audit step is functioning correctly.

Edited by mondyagu abhilash
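As an added example (not the merge request's own CI configuration), here is a GitLab CI job that does what the description outlines: install the project's locked dependencies with uv, then run uv audit so that any finding fails the job. The stage name, the pinned image tag, the cache layout and the rules are assumptions for illustration and are not taken from this project.

```yaml
# Added example, not the MR's own .gitlab-ci.yml.
# Assumptions: the repository has a pyproject.toml and uv.lock, the
# "security" stage is declared in the pipeline's stages list, and the
# image tag below is the one the team chooses to pin.
stages:
  - test
  - security

uv-audit:
  stage: security
  image: ghcr.io/astral-sh/uv:python3.12-bookworm-slim
  variables:
    # Keep uv's download cache inside the project directory so GitLab
    # can persist it between pipeline runs.
    UV_CACHE_DIR: .uv-cache
    # Copy instead of hard-linking; the cache and the venv may sit on
    # different filesystems inside the runner.
    UV_LINK_MODE: copy
  cache:
    key: uv-$CI_COMMIT_REF_SLUG
    paths:
      - .uv-cache
  script:
    # Install exactly what uv.lock pins, including all dependency groups,
    # so the audit covers every package the CI environment actually holds.
    # --locked makes the job fail if uv.lock is out of date with
    # pyproject.toml, so an unlocked change cannot slip past the audit.
    - uv sync --locked --all-groups
    # Check every installed package against the vulnerability database.
    # A non-zero exit fails the job and therefore blocks the merge.
    - uv audit
  # allow_failure is deliberately left at its default (false): a finding
  # must fail the pipeline rather than only be reported.
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

The sync step comes first because the audit reports on the packages installed in the environment, so auditing before syncing would scan an empty or stale set. Running the job on merge request pipelines as well as on the default branch means a vulnerable dependency is caught when it is proposed, and again when a new advisory appears for something already merged.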
