
Add `bandit` for finding common security issues in the code

Open kaxil opened this issue 2 years ago • 3 comments

kaxil avatar Apr 05 '22 00:04 kaxil

@tatiana has another recommendation around "safety" package

kaxil avatar Apr 05 '22 11:04 kaxil

Safety may complement or be a replacement for Bandit: https://pypi.org/project/safety/. It may be worth checking them both and making a decision on this.

tatiana avatar Apr 05 '22 11:04 tatiana

AFAIK bandit is for finding sec vuln in our code and safety is for checking overall sec vuln. It also checks your Python deps. Another alternative would be native GitHub CodeQL.

For this ticket, I would say as a first step bandit is great. We can easily add a pre-commit for that.

feluelle avatar Aug 16 '22 08:08 feluelle
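The pre-commit hook suggested above, written out as an added example (this is not a file from the astro-sdk repository). It uses bandit's published pre-commit hook from the PyCQA/bandit repository; the `rev` value is a placeholder to be pinned to a real bandit release tag, and the `tests/` exclusion assumes that is where the project's test code lives:

```yaml
# .pre-commit-config.yaml (added example, not the project's own file)
repos:
  - repo: https://github.com/PyCQA/bandit
    rev: "<bandit-release-tag>"   # placeholder: pin to a tagged bandit release
    hooks:
      - id: bandit
        name: bandit (security lint)
        # Report only medium/high severity and medium/high confidence
        # findings (-ll / -ii) so the first rollout is not drowned in
        # low-signal hits; tighten later once the baseline is clean.
        args: ["-ll", "-ii"]
        # Test code legitimately uses assert and hard-coded sample
        # secrets (bandit rules B101, B105), so keep it out of the hook.
        # Assumption: tests live under tests/.
        exclude: ^tests/
```

After `pre-commit install`, the hook runs on staged Python files at every commit; `pre-commit run bandit --all-files` runs it over the whole tree once, which is the sensible first step to see what the existing code base triggers before the hook starts blocking commits. Individual findings that are reviewed and accepted can be suppressed in place with a trailing `# nosec` comment, which keeps the suppression visible in code review rather than hidden in a global ignore list.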