
Bandit is a tool designed to find common security issues in Python code.

Results 178 bandit issues

In Azure Pipelines, the exit code of a command determines the success or failure of a task. If any task in the pipeline fails, the entire pipeline run shows as...

enhancement

B405 complains about any xml.etree.ElementTree import, not just parse-related ones. Importing like so `from defusedxml.ElementTree import Element` gives a bandit error (B405). This error talks about parsing (which...

bug

**Is your feature request related to a problem? Please describe.** Bandit could use some more focus on being performant. Currently there really isn't any testing of performance other than user...

enhancement

I tried looking at bandit-action docs at your official site and GitHub and I couldn't find any detailed explanation and implementation to study. For people who want to use them,...

enhancement

updates: - [github.com/psf/black-pre-commit-mirror: 24.4.2 → 24.8.0](https://github.com/psf/black-pre-commit-mirror/compare/24.4.2...24.8.0) - [github.com/asottile/pyupgrade: v3.16.0 → v3.17.0](https://github.com/asottile/pyupgrade/compare/v3.16.0...v3.17.0)

Describe the bug: I am using the below imports to construct the XML, but I am not parsing the XML with any of the below modules or sub...

bug

When importing one of many XML packages, one is presented with the following message: > Using various methods to parse untrusted XML data is known to be vulnerable to >...

bug

The tox.ini still had some test environments specifically for testing within OpenStack. This is no longer needed. Also no longer necessary is stestr configuration that used OpenStack variables.

The FLOSS/fund is running a program to invest support in critical, impactful, and valuable open source projects. Adding this file doesn't guarantee funding, but raises awareness that Bandit is seeking it....

The PyPI warehouse supports a number of custom links to display on the project page. Of interest to Bandit are the links to the docs, sponsors, and discord. https://github.com/pypi/warehouse/blob/main/warehouse/templates/packaging/detail.html