Spaces:
Running
Running
| from __future__ import annotations | |
| from pathlib import Path | |
| ROOT=Path(__file__).resolve().parents[1] | |
| REQUIRED=['SECURITY.md','CODEOWNERS','.github/workflows/security-scan.yml','services/api/app/core/security_headers.py','services/api/app/core/rate_limits.py','services/api/app/core/session.py'] | |
| DOCKER={'services/api/Dockerfile':['USER matrixbuilder','HEALTHCHECK'],'workers/Dockerfile':['USER matrixbuilder']} | |
| def main() -> None: | |
| missing=[p for p in REQUIRED if not (ROOT/p).exists()] | |
| if missing: raise SystemExit('Missing security files:\n'+'\n'.join(missing)) | |
| for rel,tokens in DOCKER.items(): | |
| text=(ROOT/rel).read_text(); miss=[t for t in tokens if t not in text] | |
| if miss: raise SystemExit(f'{rel} is missing: {miss}') | |
| print('Security baseline scan passed.') | |
| if __name__=='__main__': main() | |