CodeQL alternative for local/private security scanning

viperior / python-project-template

Python project template with a starting structure, CI/CD. linting, testing, and code coverage analysis

MIT License

3 stars 2 forks source link

CodeQL alternative for local/private security scanning #55

Open viperior opened 2 years ago

viperior commented 2 years ago

Discussed in https://github.com/viperior/python-project-template/discussions/42

^{Originally posted by **viperior** May 6, 2022} CodeQL analysis is not available to non-public, non-enterprise GitHub accounts as of May 2022. Explore the use of the `bandit` Python module in a GitHub Actions workflow to provide a layer of Python code security scanning that will work for a broader user base than CodeQL currently supports for free.

viperior commented 2 years ago

Also check out https://github.com/pyupio/safety