
CI: missing security check for security issues in the codebase

Open · ChengyuZhu6 opened this issue 5 months ago · 1 comment

🐛 Describe the bug

Currently, the project does not have a security linter integrated into its CI pipeline. This poses potential risks, as security vulnerabilities in Python code can go undetected. I found many high security issues using Bandit.

Error logs

security-issues.log

Installation instructions

No

Model Packaging

No

config.properties

No response

Versions

No

Repro instructions

Reproduce:

> pip install bandit
> bandit -r . --severity-level high -s B501 # Skip the B501 rule related to SSL certificate validation checks

Possible Solution

Add Security Check Using Bandit in CI

ChengyuZhu6 · Sep 12 '24 08:09
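As an added example (not part of this issue and not code from the TorchServe project): one way to turn the reproduction command above into a CI gate is to have Bandit write a JSON report and then fail the job only for findings at or above a chosen severity, excluding explicitly skipped rule IDs such as B501. The script name `bandit_gate.py`, its flag names, and the embedded sample report are assumptions; the report is constructed in Bandit's JSON layout and contains no real findings from the repository.

```python
"""CI gate over a Bandit JSON report (added example, not TorchServe project code).

Assumed CI steps, after `pip install bandit`:
    bandit -r . -f json -o bandit-report.json --exit-zero
    python bandit_gate.py bandit-report.json --min-severity HIGH --skip B501
Bandit can fail the job on its own; this gate is for the case where the full
report should be archived but only a chosen subset should break the build.
"""
import argparse
import json
import sys

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample report using the keys Bandit emits with `-f json`.
# These are illustrative entries, not findings from any real scan.
SAMPLE_REPORT = {
    "results": [
        {"test_id": "B501", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "example/client.py", "line_number": 10,
         "issue_text": "Requests call with verify=False disabling SSL certificate checks."},
        {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "example/run.py", "line_number": 42,
         "issue_text": "subprocess call with shell=True identified, security issue."},
        {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "filename": "example/util.py", "line_number": 7,
         "issue_text": "Use of assert detected."},
    ],
    "errors": [],
}


def select_findings(report, min_severity="HIGH", skip_ids=()):
    """Return results at or above min_severity whose test_id is not skipped."""
    skip = set(skip_ids)
    threshold = SEVERITY_RANK[min_severity.upper()]
    return [
        r for r in report.get("results", [])
        if r["test_id"] not in skip
        and SEVERITY_RANK.get(r["issue_severity"].upper(), 0) >= threshold
    ]


def format_finding(r):
    """One line per finding in file:line [rule severity] message form."""
    return f"{r['filename']}:{r['line_number']} [{r['test_id']} {r['issue_severity']}] {r['issue_text']}"


def gate(report, min_severity="HIGH", skip_ids=()):
    """Exit status for CI: 0 when nothing at/above the threshold remains, else 1.

    Files Bandit could not parse are listed under "errors"; they count as a
    failure here so that unscanned code cannot pass the gate unnoticed.
    """
    findings = select_findings(report, min_severity, skip_ids)
    for f in findings:
        print(format_finding(f))
    errors = report.get("errors", [])
    for e in errors:
        print(f"bandit error: {e}")
    print(f"{len(findings)} finding(s) at severity >= {min_severity.upper()}, "
          f"{len(errors)} scan error(s)")
    return 1 if findings or errors else 0


def main(argv):
    parser = argparse.ArgumentParser(description="Fail CI on Bandit findings.")
    parser.add_argument("report", help="path to a Bandit JSON report")
    parser.add_argument("--min-severity", default="HIGH",
                        choices=sorted(SEVERITY_RANK, key=SEVERITY_RANK.get))
    parser.add_argument("--skip", action="append", default=[],
                        help="rule ID to ignore (repeatable), e.g. --skip B501")
    args = parser.parse_args(argv)
    with open(args.report, encoding="utf-8") as fh:
        report = json.load(fh)
    return gate(report, args.min_severity, args.skip)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

With the sample report, skipping B501 leaves the B602 finding and the gate returns 1; skipping both high findings returns 0. Keeping the skip list in the CI configuration (rather than in a one-off command) makes every suppression reviewable in the repository's history.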