brave / security-action

Composite GitHub CI Action containing the minimal viable security lint for brave repositories
Mozilla Public License 2.0

Port bandit to reviewdog #29

Open thypon opened 1 year ago

thypon commented 1 year ago

These are used in publishers and should be included in reviewdog.

bcaller commented 1 year ago

Not a fan of bandit, is there anything in particular you believe it will find that semgrep won't?

thypon commented 1 year ago

I consider it more of a brakeman for Python than anything else. Still trying to figure out any recall rate vs. semgrep.
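One way to wire bandit into reviewdog, as an added example that is not part of brave/security-action or of this thread: a small Python filter that converts bandit's `-f json` report into reviewdog's rdjsonl format (one rdjson Diagnostic per line), which reviewdog consumes with `-f=rdjsonl`. It assumes the JSON result keys bandit emits (`filename`, `line_number`, `col_offset`, `issue_severity`, `issue_confidence`, `issue_text`, `test_id`, `more_info`); the script name `bandit2rdjsonl.py` and the sample report are made up for the example.

```python
"""Convert bandit's JSON report into reviewdog's rdjsonl format.

Added example, not code from brave/security-action. Assumes bandit was run as
`bandit -r . -f json` and emitted its usual top-level "results" list (filename,
line_number, col_offset, issue_severity, issue_confidence, issue_text, test_id,
more_info). Hypothetical script name: bandit2rdjsonl.py.
"""
import json
import os
import sys
from typing import Dict, List

# bandit severity -> rdjson Severity enum value.
SEVERITY_MAP = {"HIGH": "ERROR", "MEDIUM": "WARNING", "LOW": "INFO"}
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}

# Constructed sample report: the shape bandit produces for a shell=True
# subprocess call. Not real scan output from any brave repository.
SAMPLE_BANDIT_JSON = json.dumps({
    "errors": [],
    "results": [
        {
            "filename": "./app/run.py",
            "line_number": 3,
            "col_offset": 0,
            "issue_severity": "LOW",
            "issue_confidence": "HIGH",
            "issue_text": "Consider possible security implications associated with the subprocess module.",
            "test_id": "B404",
            "test_name": "blacklist",
            "more_info": "https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess",
        },
        {
            "filename": "./app/run.py",
            "line_number": 4,
            "col_offset": 0,
            "issue_severity": "HIGH",
            "issue_confidence": "HIGH",
            "issue_text": "subprocess call with shell=True identified, security issue.",
            "test_id": "B602",
            "test_name": "subprocess_popen_with_shell_equals_true",
            "more_info": "https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
        },
    ],
})


def to_diagnostic(result: Dict) -> Dict:
    """Map one bandit result to an rdjson Diagnostic object."""
    return {
        "message": f"{result['issue_text']} (confidence: {result['issue_confidence']})",
        "location": {
            # bandit prints paths as "./x.py"; reviewdog matches repo-relative paths.
            "path": os.path.normpath(result["filename"]),
            "range": {
                "start": {
                    "line": result["line_number"],
                    # bandit's col_offset is 0-based (from the AST); rdjson columns are 1-based.
                    "column": result.get("col_offset", 0) + 1,
                }
            },
        },
        "severity": SEVERITY_MAP.get(result["issue_severity"], "UNKNOWN_SEVERITY"),
        "source": {"name": "bandit", "url": "https://bandit.readthedocs.io/"},
        "code": {"value": result["test_id"], "url": result.get("more_info", "")},
    }


def convert(bandit_json: str, min_severity: str = "LOW") -> List[Dict]:
    """Parse a bandit JSON report; keep findings at or above min_severity."""
    report = json.loads(bandit_json)
    threshold = SEVERITY_RANK[min_severity]
    return [
        to_diagnostic(r)
        for r in report.get("results", [])
        if SEVERITY_RANK.get(r["issue_severity"], 0) >= threshold
    ]


def to_rdjsonl(diagnostics: List[Dict]) -> str:
    """Serialise diagnostics as rdjsonl: one JSON object per line."""
    return "".join(json.dumps(d) + "\n" for d in diagnostics)


if __name__ == "__main__":
    # Usage: bandit -r . -f json --exit-zero | python bandit2rdjsonl.py [LOW|MEDIUM|HIGH] \
    #        | reviewdog -f=rdjsonl -reporter=github-pr-review
    level = sys.argv[1] if len(sys.argv) > 1 else "LOW"
    sys.stdout.write(to_rdjsonl(convert(sys.stdin.read(), min_severity=level)))
```

Two details matter in a CI pipeline: bandit exits 1 when it finds issues, so pass `--exit-zero` (or avoid `pipefail`) if reviewdog is to decide the outcome, and reviewdog only posts diagnostics whose path and line fall inside the PR diff, so repo-relative paths (hence the `normpath` of bandit's `./` prefix) are needed for the comments to appear.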