Python: [FEATURE] Python Security Workflow (Fuzzing + SAST)

[tduhamel42]

Use Case

Why is this Python workflow needed?
E.g., automating fuzzing with Atheris, checking dependencies with pip-audit, enforcing static checks via bandit or pylint.

Proposed Solution

How should this workflow work in FuzzForge?

• Fuzzing: Fuzzing with Atheris, coverage-guided input generation.
• SAST: Dependency scanning with pip-audit, security linting with bandit, type safety with mypy.
• Combined: A “Python Security” workflow template that includes both fuzzing + static analysis.

Alternatives

Using Snyk, Dependabot only, or running tools manually.

Implementation

(Optional) Ideas: GitHub Actions with setup-python, caching virtualenvs, running atheris + bandit.

Category

• 🛠 Workflow Automation
• 🔗 Fuzzer Integration
• 🔍 SAST / Static Analysis

Additional Context

Links:

• Atheris
• pip-audit
• bandit

[tduhamel42]

Closing — FuzzForge has been fully rewritten with a new module-based architecture (PR #38). The old workflow system (Temporal + vertical workers) has been replaced by containerized modules orchestrated via MCP. Language-specific security workflows will be implemented as new modules going forward.