McGarrah Technical Blog

Posts in category "security"

GitHub Actions pip-audit PR

Using GitHub Actions to audit pip library versions

I’ve got several Python and TypeScript projects scattered around that need constant dependency babysitting. Dependabot does a decent job but keeps missing Python pip security issues that pip-audit catches. The problem is pip-audit wants everything pinned to exact versions, but I prefer flexible >= constraints in my requirements files.

After getting tired of manually running security audits and then forgetting about them for months, I built this GitHub Actions workflow to handle it automatically. You can see it in action on my Shiny Quiz repository and Django demo application.

ISC2 Cybersecurity Certification

The ISC2 Cybersecurity Certificate (CC), offered for free through the end of 2024, is a nice opportunity to add some skills for people interested in Information Security. The offer includes a full set of online self-paced training materials along with a voucher for taking the certification. No professional experience is required to take and receive this certification. You do have to register with ISC2 for their yearly membership, called an Annual Maintenance Fee (AMF), at $50 USD, but only after you pass the certification. That is a reasonable price to join a professional organization and to get tracked into a future path for professional certifications like the SSCP, CCSP, and CISSP.

Let's Encrypt Certificates go live

I’m live with the Let's Encrypt certificates for the blog.mcgarrah.org website. This has been a while in the making and I’m kind of excited. I’m on a legacy environment with Ubuntu 12.04 LTS, so part of the process is manual, but the certificate update just happens nicely. Updating the Apache config files takes a little bit of effort but nothing too bad.

Wildcard SSL Certificates

I’m beginning to set up enough infrastructure that a wildcard certificate would be nice, but I’m uninterested in paying several hundred dollars a year for that certificate. The free certs that used to be around just are not there anymore so far as I can see. My goal is to set up SSL certificates for both my email server and all the virtual host web sites I’m hosting under my mcgarrah.org domain for less than a hundred dollars a year.