Merge pull request openvinotoolkit#14 from mryzhov/sdl

[CI] sdl tests

.github/workflows/linux.yml

@@ -289,11 +289,6 @@ jobs:
             python3 -m pip install $wheel_name[dev]
           popd
 
-      - name: Tokenizers Bandit tests
-        run: |
-          bandit -c pyproject.toml -r python
-        working-directory: ${{ env.OPENVINO_TOKENIZERS_REPO }}
-
       - name: Tokenizers regression tests
         run: |
           python3 -m pytest tokenizers_test.py

.github/workflows/mac.yml

@@ -14,6 +14,7 @@ concurrency:
 
 env:
   PYTHON_VERSION: '3.11'
+  MACOSX_DEPLOYMENT_TARGET: '10.12'
 
 jobs:
   openvino_build:

.github/workflows/sdl.yml

@@ -0,0 +1,55 @@
+name: OpenVINO tokenizers sdl tests
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - master
+      - 'releases/**'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+concurrency:
+  # github.ref is not unique in post-commit
+  group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux-sdl
+  cancel-in-progress: true
+
+env:
+  PYTHON_VERSION: '3.11'
+
+jobs:
+  sdl_tests:
+    name: SDL tests
+    timeout-minutes: 5
+    defaults:
+      run:
+        shell: bash
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone Openvino tokenizers sources and tests
+        uses: actions/checkout@v4
+
+      - name: Setup Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: 'pip'
+
+      - name: Install Python tests dependencies
+        run: |
+          python3 -m pip install bandit
+
+      - name: Tokenizers Bandit tests
+        run: |
+          bandit -c pyproject.toml -r python
+
+      - name: Run Trivy vulnerability scanner in fs mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+