Open BryceStevenWilley opened 11 months ago
I've modified my github action steps to include the following:
- run: pip install bandit
shell: bash
- run: bandit -r ./docassemble
shell: bash
That then runs within just the docassemble package directory (as opposed to the entire virtual environment). If it finds something it errors and ends the action.
https://bandit.readthedocs.io/en/latest/
Runs quickly, and gives IMO okay suggestions (not critical, but still good coding practices). But, it's an easy lift, and good to have. If you don't want them, you can adjust what warnings you want to see in your pyproject.toml, which we essentially already require for mypy.
Or to skip everything: