pytorch / serve

Serve, optimize and scale PyTorch models in production
https://pytorch.org/serve/
Apache License 2.0
4.19k stars, 858 forks

CI: missing security check for security issues in the codebase #3311

Open ChengyuZhu6 opened 1 month ago

ChengyuZhu6 commented 1 month ago

🐛 Describe the bug

Currently, the project does not have a security linter integrated into its CI pipeline. This poses potential risks, as security vulnerabilities in Python code can go undetected. I found many high security issues using Bandit.

Error logs

security-issues.log

Installation instructions

No

Model Packaging

No

config.properties

No response

Versions

No

Repro instructions

Reproduce:

> pip install bandit
> bandit -r . --severity-level high -s B501 # Skip the B501 rule related to SSL certificate validation checks

Possible Solution

Add Security Check Using Bandit in CI
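
An added example (not part of this issue or of the TorchServe project) of the gate such a CI step would run: it reads a Bandit JSON report, as written by `bandit -r . -f json -o bandit.json`, and fails the job on findings at or above the requested severity while skipping B501, matching the command in the repro steps. The sample report, file names and line numbers are constructed for illustration.

```python
"""CI gate over a Bandit JSON report (produced with: bandit -r . -f json -o bandit.json)."""
import json
import sys

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}

# Constructed sample in Bandit's JSON report layout; not real findings from the repo.
SAMPLE_REPORT = {
    "results": [
        {"filename": "ts/a.py", "line_number": 10, "test_id": "B501",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "Requests call with verify=False disabling SSL certificate checks."},
        {"filename": "ts/b.py", "line_number": 42, "test_id": "B602",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified, security issue."},
        {"filename": "ts/c.py", "line_number": 7, "test_id": "B110",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Try, Except, Pass detected."},
    ]
}


def blocking_findings(report, min_severity="HIGH", skip_ids=("B501",)):
    """Return findings at or above min_severity whose test_id is not in skip_ids.

    Same filter as `bandit --severity-level high -s B501`, applied to a stored
    report so the exact findings that blocked the job appear in the CI log.
    """
    threshold = SEVERITY_RANK[min_severity.upper()]
    return [
        r for r in report.get("results", [])
        if SEVERITY_RANK[r["issue_severity"].upper()] >= threshold
        and r["test_id"] not in skip_ids
    ]


def format_finding(r):
    """One log line per finding: path:line [test_id/severity] message."""
    return f'{r["filename"]}:{r["line_number"]} [{r["test_id"]}/{r["issue_severity"]}] {r["issue_text"]}'


def main(argv):
    # With a report path given, gate on it; otherwise run on the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    blocking = blocking_findings(report)
    for r in blocking:
        print(format_finding(r))
    print(f"{len(blocking)} blocking finding(s)")
    return 1 if blocking else 0  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```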

mreso commented 1 month ago

Thanks @ChengyuZhu6 for flagging this and creating your PR! We will take a look!