Commit
Add Bandit security scanning to CI (#100)
1 parent 460d2cd, commit db857f3
Showing 5 changed files with 50 additions and 10 deletions.
@@ -0,0 +1,27 @@ | ||
[bandit] | ||
# Skip the venv/ directory when scanning. | ||
exclude: venv | ||
|
||
# Skip the following tests: | ||
# | ||
# - [B303:blacklist] Use of insecure MD2, MD4, or MD5 hash function. | ||
# Severity: Medium Confidence: High | ||
# We have to include MD5 file hashes for compatibility with other security tools, | ||
# but we also include SHA256 hashes. | ||
# | ||
# - [B322:blacklist] On Python 2, use raw_input instead, input is safe in Python 3. | ||
# Severity: High Confidence: High | ||
# The input() function is safe in Python 3. | ||
# | ||
# - [B404:blacklist] Consider possible security implications associated with subprocess module. | ||
# Severity: Low Confidence: High | ||
# There are other warnings specific to subprocess calls (e.g. B603, B607) | ||
# | ||
# - [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input. | ||
# Severity: Low Confidence: High | ||
# Subprocess is used primarily in the CLI and is safe from shell injection when shell=False. | ||
# | ||
# - [B607:start_process_with_partial_path] Starting a process with a partial executable path | ||
# Severity: Low Confidence: High | ||
# For portability, we use 'terraform' and 'git' instead of the full executable filepaths. | ||
skips: B303,B322,B404,B603,B607 |
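Review bot: The `skips: B303,B322,B404,B603,B607` line at the end of this hunk turns B603 and B607 off for the whole tree, so any future `subprocess` call that does take user-controlled arguments will go unflagged; prefer `# nosec B603 B607` on the specific call sites, with the justification kept next to the call, and leave the global skips list to B303 and B322, which are genuinely project-wide decisions. The B603 rationale ("safe from shell injection when shell=False") is also narrower than what the check warns about: `shell=False` rules out shell metacharacter injection, but an attacker who controls an argv element can still hand `git` or `terraform` an option-looking value (anything starting with `-`), so the comment should say where those arguments come from and how they are validated. For B607, the comment explains why `terraform` and `git` are used by name but not why a PATH lookup is acceptable; stating that the CLI is expected to run with a trusted PATH (or resolving the binary once with `shutil.which()` and passing the absolute path) would close that gap.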
@@ -1,4 +1,5 @@ | ||
backoff | ||
bandit | ||
boto3 | ||
cbapi==1.3.4 | ||
coverage | ||
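Review bot: `bandit` is added here without a version pin, while the neighbouring `cbapi==1.3.4` is pinned; because the new `.bandit` skips list in this change names specific test IDs, an unpinned Bandit can start failing CI, or silently stop running a check you rely on, whenever a new release adds, renames or removes tests. Pin it to the release the skips list was written against and bump it deliberately. If this requirements file is also what gets installed for runtime use, a CI-only scanner belongs in a separate dev/test requirements file rather than alongside `boto3` and `cbapi`.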