Add trivy scan (#115)

* Add trivy scan

* Add misconfig scanner

* update pyproject.toml

* run on schedule

* Change service for testing

Author: chr1st1ank

.github/workflows/security-scans.yml

@@ -0,0 +1,27 @@
+name: Security scans
+on:
+  schedule:
+      - "15 12 * * *"
+  pull_request:
+jobs:
+  build:
+    name: Trivy repository scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scanners: 'vuln,misconfig,secret,license'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'HIGH'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

README.md

@@ -78,7 +78,7 @@ import httpx
 async def web_request():
     """Sends a slow web request"""
     async with httpx.AsyncClient() as client:
-        response = await client.get("https://httpstat.us/200?sleep=100")
+        response = await client.get("https://httpbin.org/status/200?sleep=100")
     return response
 
 

dike/_limit_jobs.py

@@ -37,7 +37,7 @@ def limit_jobs(*, limit: int) -> Callable[..., Coroutine[Any, Any, Any]]:
         >>> @dike.limit_jobs(limit=2)
         ... async def web_request():
         ...     async with httpx.AsyncClient() as client:
-        ...         response = await client.get("https://httpstat.us/200?sleep=100")
+        ...         response = await client.get("https://httpbin.org/status/200?sleep=100")
         ...     return response
         ...
         ...

dike/_retry.py

@@ -46,7 +46,7 @@ def retry(
         >>> @dike.retry(attempts=2, delay=datetime.timedelta(milliseconds=10))
         ... async def web_request():
         ...     async with httpx.AsyncClient() as client:
-        ...         response = await client.get("https://httpstat.us/400")
+        ...         response = await client.get("https://httpbin.org/status/400")
         ...         if response.status_code != httpx.codes.OK:
         ...             raise RuntimeError("Request failed!")
         ...     return response

pyproject.toml

@@ -6,7 +6,7 @@ homepage = "https://github.com/chr1st1ank/dike"
 description = "Python asyncio tools for web service resilience."
 authors = ["Christian Krudewig <[email protected]>"]
 readme = "README.md"
-license = {file = "LICENSE"}
+license = "Apache-2.0"
 classifiers = [
     'Development Status :: 5 - Production/Stable',
     'Intended Audience :: Developers',