PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Official Dockerhub image #697

Open pzelnip opened 3 years ago

pzelnip commented 3 years ago

Is your feature request related to a problem? Please describe.

For CI pipelines it can be convenient to run a linting/checking tool from a Docker image. For example, Pyup provides their safety tool as a Docker image that you can run in a CI pipeline with:

cat requirements.txt | docker run -i --rm pyupio/safety safety check --stdin

This is useful so that instead of ensuring that safety is installed on a CI worker, you just pull the image and run.

It would be great to have a similar image for Bandit. There's a handful of ones I see in Dockerhub that have been created by random people and haven't been updated in some time, so it'd be great to have an official supported image that's kept up to date.

Describe the solution you'd like

A Docker image in Dockerhub that contains Bandit, tagged with the version that is installed in the image (latest always being the most recently released version of Bandit)

Describe alternatives you've considered

Currently I build my own image and install bandit into it, but it'd be nice to not have to maintain that and have an official image that can be used by the community at large.

Additional context

N/A
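As an added example, not part of this issue and not PyCQA's own packaging, the following Dockerfile shows what a pinned, CI-oriented Bandit image along the lines of the request above could look like: one release of Bandit per image tag, a non-root user, and the source tree mounted read-only at scan time. The image name `bandit-ci`, the `BANDIT_VERSION` build argument and the base image tag are assumptions of this example, not values from the thread.

```dockerfile
# Added example (not PyCQA's Dockerfile): a minimal, pinned Bandit image of
# the kind the feature request describes. The image name "bandit-ci" and the
# BANDIT_VERSION build argument are assumptions; substitute a real release.
#
# Build one image per Bandit release so the tag matches what is installed:
#   docker build --build-arg BANDIT_VERSION=<release> -t bandit-ci:<release> .
# Run in CI, scanning the checked-out repository mounted read-only at /src:
#   docker run --rm -v "$PWD:/src:ro" -w /src bandit-ci:<release> -r . -ll
# Bandit exits non-zero when it reports findings at or above the requested
# severity (-ll = medium and higher), which fails the pipeline step.

ARG PYTHON_TAG=3.12-slim
FROM python:${PYTHON_TAG}

# Pin the Bandit release; refuse to build without an explicit version so an
# unpinned "latest" never ends up behind a versioned tag by accident.
ARG BANDIT_VERSION
RUN test -n "${BANDIT_VERSION}" \
 || (echo "BANDIT_VERSION build-arg is required" && exit 1) \
 && pip install --no-cache-dir "bandit==${BANDIT_VERSION}"

# Run as an unprivileged user: the scanner only needs read access to the
# mounted source tree, so the container gets no more than that.
RUN useradd --create-home --uid 10001 bandit
USER bandit
WORKDIR /src

# The image behaves like the bandit binary: arguments passed to `docker run`
# become Bandit's own arguments (`-r .`, `-f json`, `-c bandit.yaml`, ...).
ENTRYPOINT ["bandit"]
CMD ["--help"]
```

Mounting the workspace with `:ro` and running as a non-root user are the two choices that matter for a CI image: the scanner can read the code but cannot modify the checkout or the worker, and a compromised or buggy scan has nothing to escalate into.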

pzelnip commented 3 years ago

For those looking for something in the interim before this issue is addressed, in the absence of an official PyCQA endorsed image, this one works: https://github.com/cytopia/docker-bandit

lukehinds commented 3 years ago

Good idea @pzelnip, I will look into this.

dlorenc commented 3 years ago

Let me know if you want help @lukehinds!

ericwb commented 8 months ago

Started getting a repo and org setup on dockerhub: https://hub.docker.com/repository/docker/pycqa/bandit/general