Introduce dependency vulnerability scanning using pip-audit or uv audit to detect known issues in Python dependencies.
Scope:
- Add pip-audit or uv audit to CI (GitHub Actions)
- Fail builds on known vulnerabilities (configurable threshold)
- Optionally generate a report artifact
Acceptance criteria:
- CI runs pip-audit or uv audit on each PR
- Fails when vulnerabilities are detected
- Documentation added for local usage (both options or chosen standard)
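As an added illustration of the "configurable threshold" item (this is example code written for this issue, not code from pip-audit, uv or this project): a small gate script that consumes the JSON report `pip-audit` writes with `--format json --output audit.json` and turns it into a pass/fail verdict under a policy (maximum number of findings, accepted-risk IDs, whether unfixable findings count). In a GitHub Actions job the audit step would run with `|| true` (or `continue-on-error`) so the report is always written, and this script then decides the build result. It assumes the report shape pip-audit documents for its JSON output (a `dependencies` list whose entries carry `name`, `version` and a `vulns` list with `id`, `aliases` and `fix_versions`); the script name, the policy flags and the sample report are constructed for the example.

```python
"""audit_gate.py: pass/fail a pip-audit JSON report against a policy.

Hypothetical CI helper written for this example; not part of pip-audit or uv.
Assumed report shape (pip-audit --format json):
  {"dependencies": [{"name": str, "version": str,
                     "vulns": [{"id": str, "aliases": [str],
                                "fix_versions": [str], "description": str}]}]}
"""
import argparse
import json
import sys
from dataclasses import dataclass, field


@dataclass
class Finding:
    package: str
    version: str
    vuln_id: str
    aliases: list
    fix_versions: list


@dataclass
class Policy:
    max_findings: int = 0                 # build fails when more than this many remain
    ignore_ids: set = field(default_factory=set)  # accepted-risk IDs, matched on id or alias
    require_fix_available: bool = False   # when True, findings with no fix are reported, not counted


def parse_report(report: dict) -> list:
    """Flatten the per-dependency structure into one Finding per vulnerability."""
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            findings.append(Finding(
                package=dep["name"], version=dep["version"], vuln_id=vuln["id"],
                aliases=list(vuln.get("aliases", [])),
                fix_versions=list(vuln.get("fix_versions", [])),
            ))
    return findings


def is_ignored(finding: Finding, ignore_ids: set) -> bool:
    # An accepted-risk entry may be recorded under the PYSEC id or a CVE alias.
    return finding.vuln_id in ignore_ids or any(a in ignore_ids for a in finding.aliases)


def evaluate(report: dict, policy: Policy):
    """Return (passed, counted, skipped); only counted findings drive the verdict."""
    counted, skipped = [], []
    for f in parse_report(report):
        unfixable = policy.require_fix_available and not f.fix_versions
        (skipped if is_ignored(f, policy.ignore_ids) or unfixable else counted).append(f)
    return len(counted) <= policy.max_findings, counted, skipped


def describe(f: Finding) -> str:
    fix = ", ".join(f.fix_versions) if f.fix_versions else "no fix published"
    return f"{f.package}=={f.version}: {f.vuln_id} ({', '.join(f.aliases) or 'no aliases'}) -> {fix}"


# Constructed sample report: package names and vulnerability IDs are placeholders.
SAMPLE_REPORT = {
    "dependencies": [
        {"name": "alpha-lib", "version": "1.0.0", "vulns": [
            {"id": "PYSEC-EXAMPLE-0001", "aliases": ["CVE-EXAMPLE-0001"],
             "fix_versions": ["1.0.1"], "description": "constructed finding with a fix"}]},
        {"name": "beta-lib", "version": "2.3.0", "vulns": [
            {"id": "PYSEC-EXAMPLE-0002", "aliases": [],
             "fix_versions": [], "description": "constructed finding without a fix"}]},
        {"name": "gamma-lib", "version": "0.9.0", "vulns": []},
    ],
}


def main(argv=None) -> int:
    ap = argparse.ArgumentParser(description="Gate a pip-audit JSON report.")
    ap.add_argument("report", help="path to the file written by pip-audit --format json --output")
    ap.add_argument("--max-findings", type=int, default=0)
    ap.add_argument("--ignore", action="append", default=[], help="vulnerability id or alias to accept")
    ap.add_argument("--require-fix", action="store_true", help="count only findings with a fix version")
    args = ap.parse_args(argv)
    with open(args.report, encoding="utf-8") as fh:
        report = json.load(fh)
    passed, counted, skipped = evaluate(report, Policy(args.max_findings, set(args.ignore), args.require_fix))
    for f in counted:
        print("COUNTED ", describe(f))
    for f in skipped:
        print("SKIPPED ", describe(f))
    print("PASS" if passed else f"FAIL: {len(counted)} finding(s) exceed limit {args.max_findings}")
    return 0 if passed else 1   # non-zero exit fails the CI step


if __name__ == "__main__":
    sys.exit(main())
```

Usage in CI: `pip-audit -r requirements.txt --format json --output audit.json || true` followed by `python audit_gate.py audit.json --ignore CVE-EXAMPLE-0001`; the accepted-risk list lives in the workflow (or a checked-in file) so every exception is reviewable in the PR, and `audit.json` doubles as the report artifact the scope item asks for.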
References:
https://github.com/pypa/pip-audit
https://github.com/astral-sh/uv