
Linting and Security Scans #309

Merged: GA-XavierGonzalez merged 67 commits into develop from CICDE-408-modify-existing-scans-to-git-hub-actions on Jan 16, 2026

@GA-XavierGonzalez
Contributor

Adds the following workflows

  1. Gitleaks
     • Checks your commit for leaked secrets
  2. Python Lint
     • Runs ruff check on all changes to .py files
     • Will also run Bandit, giving a helpful list of security suggestions via the Security tab on GitHub
  3. Trivy Vulnerability scan
     • dive.yml has been refactored to scan-image.yml
     • Now runs trivy on the image locally once built (instead of pulling it from dockerhub or ECR)
     • This prevents us from pushing unsecure images to our repos and saves us from having to build the image twice.

:param config_path: Configuration Path
:return: None
"""
fake_aws_secret = 'AKIAI234567890123456'
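
Review bot: the last line hard-codes an AWS-style access key ID as `fake_aws_secret` directly under the function docstring, and nothing visible in the hunk uses it. If it is only there to exercise the new Gitleaks workflow, remove it before merge instead of adding the suggested fingerprint to `.gitleaksignore`, so the ignore file does not collect entries for throwaway test strings.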


🛑 Gitleaks has detected a secret with rule-id aws-access-token in commit 1fed60e.
If this secret is a true positive, please rotate the secret ASAP.

If this secret is a false positive, you can add the fingerprint below to your .gitleaksignore file and commit the change to this branch.

echo 1fed60ebcd9e277d75ae14a1dca176fdb770aeb0:nci_environment/build_environment_module.py:aws-access-token:93 >> .gitleaksignore

:param config: Configuration parameters
:return: None
"""
discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'


🛑 Gitleaks has detected a secret with rule-id discord-client-secret in commit f689034.
If this secret is a true positive, please rotate the secret ASAP.

If this secret is a false positive, you can add the fingerprint below to your .gitleaksignore file and commit the change to this branch.

echo f6890348a8f74d5367462117e277e9d387fb2132:nci_environment/build_environment_module.py:discord-client-secret:71 >> .gitleaksignore

docker/README.md Outdated
At the end of compiling solve any incompatibility output from `pip check` by adding the version
in `constraints-odc.txt`.

discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ' No newline at end of file
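
Review bot: the final `discord_client_secret = ...` line does not belong in `docker/README.md`: it is a Python assignment placed after the `pip check` instructions, and the file now ends without a trailing newline. Drop the line and restore the final newline.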


🛑 Gitleaks has detected a secret with rule-id discord-client-secret in commit dc30e25.
If this secret is a true positive, please rotate the secret ASAP.

If this secret is a false positive, you can add the fingerprint below to your .gitleaksignore file and commit the change to this branch.

echo dc30e2592d3f159e4a7bd62904ee7473dcaa9410:docker/README.md:discord-client-secret:30 >> .gitleaksignore

:param config_path: Configuration Path
:return: None
"""
discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'


🛑 Gitleaks has detected a secret with rule-id discord-client-secret in commit 4eb79c8.
If this secret is a true positive, please rotate the secret ASAP.

If this secret is a false positive, you can add the fingerprint below to your .gitleaksignore file and commit the change to this branch.

echo 4eb79c830711eb19a69cf260d74bd94187a34922:nci_environment/build_environment_module.py:discord-client-secret:92 >> .gitleaksignore


import yaml

discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
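
Review bot: `discord_client_secret` is assigned at module level right after `import yaml`, so the literal is evaluated on every import of `build_environment_module.py`, and the same value is repeated in the other flagged hunks of this file. If any of these is a real credential it needs rotating and should be read from the environment or a secrets store; if they are scanner test strings, delete them rather than ignoring each fingerprint.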


🛑 Gitleaks has detected a secret with rule-id discord-client-secret in commit ff16650.
If this secret is a true positive, please rotate the secret ASAP.

If this secret is a false positive, you can add the fingerprint below to your .gitleaksignore file and commit the change to this branch.

echo ff166501b5da584bd5cac71eea6d6a1f6b2ee86a:nci_environment/build_environment_module.py:discord-client-secret:47 >> .gitleaksignore
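
The Gitleaks comments above suggest appending a fingerprint of the form `commit:file:rule-id:line` to `.gitleaksignore`. The following is an added example (not part of this PR or of Gitleaks) that parses such a file so a reviewer can see which rules and paths are being suppressed, and flags malformed or duplicate entries. The sample entries are constructed, and treating an entry without a leading 40-hex commit as path-only is an assumption.

```python
import re
from collections import defaultdict

# Assumption: an entry with no leading 40-hex commit is a path-only fingerprint.
ENTRY_RE = re.compile(r"(?:([0-9a-f]{40}):)?(.+):([^:]+):(\d+)")

def parse_fingerprint(line):
    """Parse 'commit:file:rule-id:line'; None for blanks and '#' comments.
    The path may contain ':', so rule-id and line are matched from the right."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    m = ENTRY_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"malformed fingerprint: {text!r}")
    commit, path, rule, lineno = m.groups()
    return {"commit": commit, "path": path, "rule": rule, "line": int(lineno)}

def audit(ignore_text):
    """Return ({rule: sorted paths}, [(line_no, problem)]) for review."""
    paths_by_rule, problems, seen = defaultdict(set), [], set()
    for n, raw in enumerate(ignore_text.splitlines(), 1):
        try:
            fp = parse_fingerprint(raw)
        except ValueError:
            problems.append((n, "malformed"))
            continue
        if fp is None:
            continue
        if raw.strip() in seen:
            problems.append((n, "duplicate"))
            continue
        seen.add(raw.strip())
        paths_by_rule[fp["rule"]].add(fp["path"])
    return {r: sorted(p) for r, p in paths_by_rule.items()}, problems

# Constructed sample entries (not taken from any real repository).
A, B = "a" * 40, "b" * 40
SAMPLE = "\n".join([
    "# reviewed false positives",
    f"{A}:src/app/settings.py:aws-access-token:93",
    f"{A}:src/app/settings.py:aws-access-token:93",
    f"{B}:docs/C:notes.md:generic-api-key:30",
    "config/local.env:generic-api-key:4",
    "not-a-fingerprint",
])
```

Running `audit` on the ignore file in CI gives a per-rule list of suppressed paths to review whenever the file changes.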

@github-actions

Installed packages:


@GA-XavierGonzalez changed the title from "Cicde 408 modify existing scans to git hub actions" to "Linting and Security Scans" on Jan 16, 2026
@GA-XavierGonzalez merged commit 1c1dbb7 into develop on Jan 16, 2026
4 of 5 checks passed
@GA-XavierGonzalez deleted the CICDE-408-modify-existing-scans-to-git-hub-actions branch on January 16, 2026 06:00