crewAI/.github/workflows
theCyberTech 0cc43b2720 feat: replace advisory pip-audit with blocking vuln process
New vulnerability scan process:
1. Run pip-audit without ignores on every PR
2. Classify vulns as direct or transitive (checks against all monorepo pyproject.toml files)
3. Direct vulns: auto-fix with pip-audit --fix and commit the bump to the PR branch
4. Transitive vulns: add to ignore list and create a GitHub issue for tracking
5. Re-run pip-audit with transitive ignores — PR passes only if direct vulns are resolved
6. Scheduled runs also validate that previously ignored vulns are still unfixable

Removes continue-on-error: true so the action actually blocks.
2026-06-06 15:48:26 +08:00