Merge branch '59-remove-py-safety' into 'master'

Resolve "Remove py-safety"

Closes #59

See merge request to-be-continuous/python!93

README.md

@@ -230,17 +230,6 @@ In addition to a textual report in the console, this job produces the following
 | `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.csv` | [CSV](https://bandit.readthedocs.io/en/latest/formatters/csv.html) | [SonarQube integration](https://docs.sonarqube.org/latest/analysis/external-issues/)<br/>_This report is generated only if SonarQube template is detected_ |
 | `$PYTHON_PROJECT_DIR/reports/py-bandit.bandit.json` | [JSON](https://bandit.readthedocs.io/en/latest/formatters/json.html) | [DefectDojo integration](https://defectdojo.github.io/django-DefectDojo/integrations/parsers/#bandit)<br/>_This report is generated only if DefectDojo template is detected_ |
 
-### `py-safety` job (dependency check)
-
-This job is **disabled by default** and performs a dependency check analysis using [Safety](https://pypi.org/project/safety/).
-
-It is bound to the `test` stage, and uses the following variables:
-
-| Input / Variable | Description                                                             | Default value     |
-| ---------------- | ----------------------------------------------------------------------- | ----------------- |
-| `safety-enabled` / `SAFETY_ENABLED` | Set to `true` to enable Safety job                                      | _none_ (disabled) |
-| `safety-args` / `SAFETY_ARGS`    | Additional [Safety CLI options](https://github.com/pyupio/safety#usage) | `--full-report`   |
-
 ### `py-trivy` job (dependency check)
 
 This job is **disabled by default** and performs a dependency check analysis using [Trivy](https://github.com/aquasecurity/trivy/).

kicker.json

@@ -128,20 +128,6 @@
         }
       ]
     },
-    {
-      "id": "safety",
-      "name": "Safety",
-      "description": "Detect security vulnerabilities with [Safety](https://pypi.org/project/safety/) (dependencies analysis)",
-      "enable_with": "SAFETY_ENABLED",
-      "variables": [
-        {
-          "name": "SAFETY_ARGS",
-          "description": "Additional [Safety CLI options](https://github.com/pyupio/safety#usage)",
-          "default": "--full-report",
-          "advanced": true
-        }
-      ]
-    },
     {
       "id": "trivy",
       "name": "Trivy",

templates/gitlab-ci-python.yml

@@ -96,13 +96,6 @@ spec:
     bandit-args:
       description: Additional [Bandit CLI options](https://github.com/PyCQA/bandit#usage)
       default: --recursive .
-    safety-enabled:
-      description: Enable Safety
-      type: boolean
-      default: false
-    safety-args:
-      description: Additional [Safety CLI options](https://github.com/pyupio/safety#usage)
-      default: --full-report
     trivy-enabled:
       description: Enable Trivy
       type: boolean
@@ -228,9 +221,6 @@ variables:
 
   BANDIT_ARGS: $[[ inputs.bandit-args ]]
 
-  # Safety tool
-  SAFETY_ARGS: $[[ inputs.safety-args ]]
-
   # Trivy tool
   PYTHON_TRIVY_ENABLED: $[[ inputs.trivy-enabled ]]
   PYTHON_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
@@ -267,7 +257,6 @@ variables:
 
   NOSETESTS_ENABLED: $[[ inputs.nosetests-enabled ]]
   BANDIT_ENABLED: $[[ inputs.bandit-enabled ]]
-  SAFETY_ENABLED: $[[ inputs.safety-enabled ]]
   PYTHON_SBOM_DISABLED: $[[ inputs.sbom-disabled ]]
   PYTHON_RELEASE_ENABLED: $[[ inputs.release-enabled ]]
 
@@ -997,23 +986,6 @@ py-bandit:
       when: never
     - !reference [.test-policy, rules]
 
-# Safety (dependency check)
-py-safety:
-  extends: .python-base
-  stage: test
-  # force no dependencies
-  dependencies: []
-  script:
-    - mkdir -p -m 777 reports
-    - install_requirements
-    - _pip install safety
-    - _pip freeze | _run safety check --stdin ${SAFETY_ARGS}
-  rules:
-    # exclude if $SAFETY_ENABLED not set
-    - if: '$SAFETY_ENABLED != "true"'
-      when: never
-    - !reference [.test-policy, rules]
-
 # Trivy (dependency check)
 py-trivy:
   extends: .python-base