diff --git a/gitgalaxy/requirements.txt b/gitgalaxy/requirements.txt index 699bbd95..61466855 100644 --- a/gitgalaxy/requirements.txt +++ b/gitgalaxy/requirements.txt @@ -10,7 +10,7 @@ build==1.4.3 certifi==2026.2.25 cffi==2.0.0 charset-normalizer==3.4.7 -click==8.3.1 +click==8.3.3 colorama==0.4.6 contourpy==1.3.3 coverage==7.14.0 @@ -79,7 +79,7 @@ parso==0.8.7 pathspec==1.0.4 pexpect==4.9.0 pickleshare==0.7.5 -pillow==12.2.0 +pillow==12.3.0 pipreqs==0.5.0 platformdirs==4.9.4 plotly==6.8.0 diff --git a/templates/bitbucket/bitbucket-pipelines.yml b/templates/bitbucket/bitbucket-pipelines.yml index 4fd99c21..8a6c06fc 100644 --- a/templates/bitbucket/bitbucket-pipelines.yml +++ b/templates/bitbucket/bitbucket-pipelines.yml @@ -22,3 +22,16 @@ pipelines: artifacts: # 3. Publish SARIF telemetry for Bitbucket Code Insights - gitgalaxy-results_sarif.json + + custom: + manual-security-scan: + - step: + name: 'GitGalaxy Zero-Trust Spectral Audit (Manual)' + caches: + - pip + script: + - pip install --upgrade pip + - pip install gitgalaxy>=2.4.0 networkx tiktoken xgboost pandas numpy + - galaxyscope gitgalaxy/ --max-risk-exposure ${GITGALAXY_MAX_RISK:-95} --fail-on-secrets --fail-on-malware --sarif-only --output gitgalaxy-results_sarif.json + artifacts: + - gitgalaxy-results_sarif.json \ No newline at end of file