Testing/CI/tooling consistency (#9,#20,#21,#22,#23,#28) (#59)
Co-authored-by: claude <claude@jpaul.io>
Co-committed-by: claude <claude@jpaul.io>
This commit was merged in pull request #59.
@@ -220,6 +220,12 @@ and wire the catch into your pipeline.
pip install pip-audit detect-secrets
```
> **If `pip install` is refused** with "externally-managed-environment" (PEP 668 — common on
> recent Debian/Ubuntu and Homebrew Python), install into a per-project virtual environment
> instead: `python3 -m venv .venv && source .venv/bin/activate` (Windows: `.venv\Scripts\activate`),
> then re-run the install. (`pipx` or `pip install --break-system-packages` also work; a venv is the
> clean default.)
These are concrete, currently-maintained examples of the **SCA** and **secret-scanning**
categories — not the only choices (see *Where it breaks* and *Verify-before-publish*). The lab
teaches the moves; the moves transfer to any tool in the category.
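Review bot: In the added PEP 668 note, the parenthetical on the "then re-run the install" line lists `pip install --break-system-packages` next to `pipx` as things that "also work", with nothing to say that the flag overrides the protection the "externally-managed-environment" error is reporting and installs into the system-managed Python. I would drop it or mark it as a last resort, for example "(`pipx` also works; `--break-system-packages` modifies the system Python and is not recommended)". Separately, the activation line uses `source`, which is a bash/zsh builtin, and the activation only lasts for the current shell; since the hunk context goes on to "wire the catch into your pipeline", it is worth saying that each pipeline step has to activate the venv again (or call `.venv/bin/pip-audit` directly), and `. .venv/bin/activate` would be the portable spelling for steps that run under `sh`.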