jupyter / security

Scanning Jupyter subprojects for vulnerabilities #38

Status: Closed (jasongrout closed 2 years ago)

jasongrout commented 2 years ago

Recently at PyCon US, I talked with several vendors who offer security scanning tools for codebases about doing free scans of Jupyter subprojects. Is there anyone in the security group that would like to join or take the lead in conversations around this topic?

rpwagner commented 2 years ago

I would be interested in at least joining to see how these tools might fit the Jupyter landscape. We could pick some high-priority repos, like JupyterHub, Jupyter Server, JupyterLab, etc., as the base use cases.

rpwagner commented 2 years ago

@jasongrout our next Security Subproject meeting is next week (Tuesday, June 7, 8:00 a.m. PDT). Any chance you can make that to talk about this with the group?

jasongrout commented 2 years ago

Follow-up: we discussed security scanning in the meeting, and are following up in email conversations with potential vendors.