aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

Fix [B506:yaml_load] Use of unsafe yaml load. Allows instantiation of arbitrary objects. #3329

Closed LanderU closed 3 years ago

LanderU commented 3 years ago

Signed-off-by: LanderU lander.usategui@gmail.com

LanderU commented 3 years ago

There are more issues regarding this code, but I'm not sure where I need to open the tickets. You could consider adding a new stage to your build pipeline and adding support for Bandit on this repo.

LanderU commented 3 years ago

FYI, this is the full report after applying this patch:

Code scanned:
    Total lines of code: 7126
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0.0
        Low: 13.0
        Medium: 0.0
        High: 4.0
    Total issues (by confidence):
        Undefined: 0.0
        Low: 0.0
        Medium: 0.0
        High: 17.0
Files skipped (0):

And before:

Code scanned:
    Total lines of code: 7126
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0.0
        Low: 13.0
        Medium: 13.0
        High: 4.0
    Total issues (by confidence):
        Undefined: 0.0
        Low: 0.0
        Medium: 0.0
        High: 30.0
Files skipped (0):

vmayoral commented 3 years ago

Thanks! Well spotted.

vmayoral commented 3 years ago

> There are more issues regarding to this code, but not sure where I need to open the tickets. You can consider to add a new stage in your build pipeline and add support to Bandit on this repo.

Any contributions are more than welcome in here 👍 .

vmayoral commented 3 years ago

Tagged as invalid to avoid conflicts with autogenerated reports.

vmayoral commented 3 years ago

@LanderU I've updated the roadmap and a few items for security-related matters including one for static analysis to be met before 1.0. It would be a good contribution to prototype a first iteration with bandit at https://github.com/aliasrobotics/RVD/tree/master/.github/workflows, with other workflows (e.g. in a new security.yml file).

LanderU commented 3 years ago

> Any contributions are more than welcome in here 👍 .

Sure thing, if I have enough bandwidth I'll try to add this to your pipeline. Also, it would be great if we created a template function to open the yml, because it is used across modules.
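The shared loader helper proposed in the comment above, written as an added example rather than code from the RVD repository: it wraps PyYAML's `safe_load`, which only constructs plain scalars, lists and maps, so a document carrying a Python-specific tag (the B506 finding: `yaml.load` with the default loader instantiates arbitrary objects) is rejected instead of executed. The helper names (`load_yaml`, `try_load_yaml`, `load_yaml_file`) and the two sample documents are assumptions constructed for this example.

```python
import tempfile
import os

import yaml

# Constructed sample documents (not ticket data from the RVD repository).
BENIGN_DOC = """
id: 1
title: Example ticket
severity: low
"""

# A document carrying a Python-specific tag. yaml.load() with the default
# loader (the B506 pattern) would resolve this tag to a Python object;
# the safe loader has no constructor for it and raises ConstructorError.
TAGGED_DOC = """
id: 2
title: !!python/name:os.getcwd
"""


def load_yaml(text: str):
    """Parse a YAML string with the safe loader only (hypothetical helper name).

    yaml.safe_load is equivalent to yaml.load(text, Loader=yaml.SafeLoader):
    it builds dicts, lists, strings, numbers, booleans and null, nothing else.
    """
    return yaml.safe_load(text)


def try_load_yaml(text: str):
    """Return (data, None) on success or (None, message) when the document is rejected.

    ConstructorError is a subclass of yaml.YAMLError, so unknown tags, as well
    as ordinary syntax errors, end up in the second branch.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as exc:
        return None, str(exc)


def load_yaml_file(path: str):
    """Open a YAML file and parse it with the safe loader (hypothetical helper name).

    This is the single entry point modules would share instead of each
    calling yaml.load on their own file handle.
    """
    with open(path, "r", encoding="utf-8") as fh:
        return yaml.safe_load(fh)


def demo_file_roundtrip():
    """Write the benign document to a temp file and load it back through the helper."""
    fd, path = tempfile.mkstemp(suffix=".yml")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(BENIGN_DOC)
        return load_yaml_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(load_yaml(BENIGN_DOC))
    data, err = try_load_yaml(TAGGED_DOC)
    print("rejected:" if data is None else "loaded:", err or data)
    print(demo_file_roundtrip())
```

Routing every module through `load_yaml_file` also gives Bandit a single site to check; once no call to `yaml.load` remains, the B506 count in the report drops to zero, as in the "after" metrics above.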