supervision
Create lintscan
lint Complete code scanner
Description
Please include a summary of the change and which issue is fixed or implemented. Please also include relevant motivation and context (e.g. links, docs, tickets etc.).
List any dependencies that are required for this change.
Type of change
Please delete options that are not relevant.
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] This change requires a documentation update
How has this change been tested? Please provide a test case or an example of how you tested the change.
YOUR_ANSWER
Any specific deployment considerations
For example, documentation changes, usability, usage/costs, secrets, etc.
Docs
- [ ] Docs updated? What were the changes:
@sharkeshd 👋 Hello, first of all thank you for the pull request. I understand that a DevSkim GitHub Action was created, and I checked the DevSkim CLI and set it up on my computer to see which security problems we can detect, but most of them were false positives, and personally I found it hard to understand in the CLI because the JSON file parsing is not enough. We already have "bandit" and "snyk"; if you check our readme file you can see health, plus we do have the GitHub dependency bot checking package versions to keep us up to date and also checking for security vulnerabilities. If I were going to set up a GitHub Action, I personally would choose "https://github.com/pyupio/safety", which is more optimized for Python code and gives better results. I think DevSkim is not mature enough to enable, based on my tests. Maybe there is something I don't know, but I spent a good amount of time seeing how it was going to react, and I didn't see much of a benefit either.
Thank you.
cc @LinasKo
Thank you for checking this, @onuralpszr.
If it adds no benefit thus far and even shows false positives, then it's not the right tool for the job.