astro-sdk
Add `bandit` for finding common security issues in the code
@tatiana has another recommendation around the "safety" package.
Safety may complement or be a replacement for Bandit: https://pypi.org/project/safety/. It may be worth checking them both and making a decision on this.
AFAIK, bandit is for finding security vulnerabilities in our code, and safety is for checking overall security vulnerabilities; it also checks your Python deps. Another alternative would be native GitHub CodeQL.
For this ticket, I would say that, as a first step, bandit is great. We can easily add a pre-commit hook for that.
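As an added illustration of the pre-commit hook proposed above (this is not from the astro-sdk repo or the thread participants), here is a `.pre-commit-config.yaml` entry that runs bandit on staged Python files using the hook shipped by the PyCQA/bandit repository. The `rev` value and the `exclude` pattern are assumptions: pin `rev` to the bandit release current at the time it is added, and adjust the excluded path to wherever the project keeps its tests.

```yaml
# .pre-commit-config.yaml (added example; not project configuration)
repos:
  - repo: https://github.com/PyCQA/bandit
    # Assumption: replace with the bandit release tag current when this is added.
    rev: 1.7.5
    hooks:
      - id: bandit
        # Assumption: the test tree lives under tests/. Excluding it avoids
        # B101 (use of assert) findings on pytest-style assertions.
        exclude: ^tests/
```

After `pre-commit install`, bandit runs on every commit that touches `.py` files; `pre-commit run bandit --all-files` runs it once over the whole tree, which is the sensible first pass so existing findings can be triaged before the hook starts blocking commits. Note that bandit only scans the project's own source, so it does not cover the dependency check that safety provides.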