Security Scanning

deps(actions): bump docker/build-push-action from 5 to 7 #266

Sign in to view logs

Triggered via pull request March 9, 2026 03:13

dependabot[bot]

opened #80

dependabot/github_actions/docker/build-push-action-7

Status Success

Total duration 33s

Artifacts –

security.yml

on: pull_request

Secret Detection (Gitleaks)

Dependency Scan

Static Analysis (Semgrep)

Container Scan (Trivy)

Annotations

5 warnings

Secret Detection (Gitleaks)

CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Dependency Scan

pip-audit found vulnerabilities (see output above)

Dependency Scan

Fiona/GDAL excluded (require native GDAL/libgdal-dev build dependencies)

Dependency Scan

git+https://github.com/OCA/openupgradelib.git@master

Dependency Scan

Skipping VCS/URL dependencies (cannot be audited):