PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

OSSFuzz Integration #1079

Closed capuanob closed 9 months ago

capuanob commented 10 months ago

Good evening,

I am looking to integrate bandit into OSSFuzz. If you are not familiar with OSSFuzz, it is Google's platform for continuous fuzzing of open-source software. In order to get the most out of this program, it would be greatly beneficial to be able to merge my fuzz harness and build scripts into the upstream repository and contribute bug fixes if they come up. Is this something that you would support me putting the effort into?

Thank you in advance!

ericwb commented 9 months ago

I suggest any OSSFuzz code be kept in a separate repo from Bandit. I don't know the exact details of this integration, but I don't see much overlap in these two tools. That being said, Bandit has a plugin model using Stevedore.