ament / ament_lint

Apache License 2.0

add ament_bandit wrapper #439

Closed florcabral closed 11 months ago

florcabral commented 1 year ago

Contribute a new wrapper for the Bandit static analyzer.

clalancette commented 1 year ago

My major question with this PR is: does this need to be in the ament_lint core? That is, it would be much easier to just release this into ROS 2 as a separate package, which would:

  1. Make it easier to make changes (you wouldn't have to wait for core maintainers to have time to review things).
  2. Not subject it to the stricter rules of being in the core.
  3. Reduce the support burden on the ament_lint maintainers.

Thoughts?

tfoote commented 1 year ago

I think it would be good to release this as a separate package initially. That way it can be used, validated and iterated upon at a faster rate. Once it's more mature we can consider bringing it into the default installation and into this repo too.

clalancette commented 11 months ago

Given the previous comments, I'm going to close this out for now. But do please consider releasing ament_bandit as a standalone package.