holoviz / panel

Panel: The powerful data exploration & web app framework for Python
https://panel.holoviz.org
BSD 3-Clause "New" or "Revised" License
4.69k stars, 508 forks

Improve Snyk assessment #4260

Open MarcSkovMadsen opened 1 year ago

MarcSkovMadsen commented 1 year ago

Snyk Advisor is a quick way to see if a package is safe to use. This might be used to pre-screen data app frameworks.

Both Streamlit and Dash score 97/100 points. Panel scores 90/100 points.

See https://snyk.io/advisor/python/panel

As far as I can see we are missing

Snyk also evaluates the usage of Panel as uncommon. There are not so many public projects using the framework. I don't know if this contributes to the score.


philippjfr commented 1 year ago

No objection to adding a CONTRIBUTING.MD. @maximlt @droumis I think we should add that as part of the overhaul of the developer docs.

On the funding front I don't really get how they assess that.

philippjfr commented 1 year ago

Oh we should also have a documented security policy. I don't know offhand what the standard way of doing that is but we should set up a vulnerability disclosure program with a dedicated email address.

MarcSkovMadsen commented 1 year ago

For inspiration here are links to a few CONTRIBUTING.md files

MarcSkovMadsen commented 7 months ago

We now have the same score as comparable frameworks. The thing we can improve is to add a security policy.