Testing/CI/tooling consistency (#9,#20,#21,#22,#23,#28) (#59)

Co-authored-by: claude <claude@jpaul.io>
Co-committed-by: claude <claude@jpaul.io>
This commit was merged in pull request #59.
2026-06-22 16:07:58 -04:00
committed by Claude (agent)
parent a6a3cfdc50
commit 391df7fc6d
17 changed files with 216 additions and 82 deletions
@@ -220,6 +220,12 @@ and wire the catch into your pipeline.
pip install pip-audit detect-secrets
```
> **If `pip install` is refused** with "externally-managed-environment" (PEP 668 — common on
> recent Debian/Ubuntu and Homebrew Python), install into a per-project virtual environment
> instead: `python3 -m venv .venv && source .venv/bin/activate` (Windows: `.venv\Scripts\activate`),
> then re-run the install. (`pipx` or `pip install --break-system-packages` also work; a venv is the
> clean default.)
These are concrete, currently-maintained examples of the **SCA** and **secret-scanning**
categories — not the only choices (see *Where it breaks* and *Verify-before-publish*). The lab
teaches the moves; the moves transfer to any tool in the category.
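Review bot: The closing parenthetical of the new PEP 668 note lists `pip install --break-system-packages` next to `pipx` as something that "also work[s]", without saying what it costs. That flag overrides the externally-managed-environment guard and installs into the distro- or Homebrew-managed interpreter, where the new packages can conflict with ones the OS depends on. Since the note already calls the venv "the clean default", either drop the flag from the list or add a clause limiting it to disposable environments such as a throwaway container or CI image. It is also worth checking in the rendered page that a blank line separates the end of the `>` block from "These are concrete, ..." so the following paragraph is not pulled into the quote as a lazy continuation.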