bandit
Official Dockerhub image
Is your feature request related to a problem? Please describe.
For CI pipelines it can be convenient to run a linting/checking tool from a Docker image. For example, Pyup provides their safety tool as a Docker image that you can run in a CI pipeline with:
cat requirements.txt | docker run -i --rm pyupio/safety safety check --stdin
This is useful so that instead of ensuring that safety is installed on a CI worker, you just pull the image and run.
It would be great to have a similar image for Bandit. There's a handful of ones I see in Dockerhub that have been created by random people and haven't been updated in some time, so it'd be great to have an official supported image that's kept up to date.
Describe the solution you'd like
A Docker image in Dockerhub that contains Bandit, tagged with the version that is installed in the image (latest always being the most recently released version of Bandit).
Describe alternatives you've considered
Currently I build my own image and install bandit into it, but it'd be nice to not have to maintain that and have an official image that can be used by the community at large.
Additional context
N/A
For those looking for something in the interim before this issue is addressed: in the absence of an official PyCQA-endorsed image, this one works: https://github.com/cytopia/docker-bandit
Good idea @pzelnip , I will look into this.
Let me know if you want help @lukehinds!
Started getting a repo and org set up on dockerhub: https://hub.docker.com/repository/docker/pycqa/bandit/general