fix: add bandit SAST + pip-audit to CI, fix assert in production code#20

Merged
devonartis merged 1 commit into develop from fix/security-gates on Apr 17, 2026

Conversation

@devonartis (Owner)

Summary

  • bandit SAST — scans src/ for Python security issues (new CI gate)
  • pip-audit — checks dependencies against OSV/PyPI vulnerability databases (new CI gate)
  • Fix assert: orchestrator.py:83 used assert, which is stripped by python -O; replaced with an explicit AgentWritError raise
  • Dep upgrades — 4 packages with known CVEs patched (cryptography, pygments, pytest, python-multipart)

Test plan

  • uv run bandit -r src/ -q — clean (0 findings after fix)
  • uv run pip-audit — clean (0 vulnerabilities after upgrades)
  • uv run ruff check . — pass
  • uv run mypy --strict src/ — pass
  • uv run pytest tests/unit/ -q — 99 pass
  • CI gates pass (11 gates now: 9 existing + bandit + pip-audit)

Closes #19
Refs devonartis/agentwrit#31

Generated with Claude Code

- Replace assert with AgentWritError raise in orchestrator.py:83
  (bandit B101: assert stripped by python -O)
- Add bandit SAST gate to CI — scans src/ for security issues
- Add pip-audit gate to CI — checks deps against vulnerability DBs
- Upgrade 4 vulnerable deps: cryptography 46.0.5→46.0.7,
  pygments 2.19.2→2.20.0, pytest 9.0.2→9.0.3,
  python-multipart 0.0.24→0.0.26

Closes #19
Refs devonartis/agentwrit#31

Generated with Claude Code Harness Agent

Co-Authored-By: Claude <claude@anthropic.com>
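The assert-versus-raise point in the commit message above, as an added example that is not code from the agentwrit project or this PR. `AgentWritError`, the `STEPS` list and the step-index guard are constructed stand-ins for whatever orchestrator.py:83 actually checked; `find_asserts` shows what a B101-style rule flags, and `guard_fires` runs a probe in a fresh interpreter so the effect of `-O` can be observed rather than asserted.

```python
"""assert is a debugging aid, not a runtime guard (bandit B101).

Added example for this PR page; not code from the agentwrit project.
AgentWritError, run_step_* and the step-index guard are hypothetical
stand-ins for the code the PR changed in orchestrator.py.
"""
import ast
import subprocess
import sys
import textwrap


class AgentWritError(Exception):
    """Stand-in for the project's error type (assumed, not from the PR)."""


STEPS = ["plan", "draft", "review"]  # constructed sample pipeline


def run_step_with_assert(steps, index):
    """'Before' shape: the bounds check is an assert. Under `python -O` the
    statement is compiled out, and a negative index wraps around silently."""
    assert 0 <= index < len(steps), "step index out of range"
    return steps[index]


def run_step_with_raise(steps, index):
    """'After' shape: an explicit raise is kept in every interpreter mode."""
    if not 0 <= index < len(steps):
        raise AgentWritError(f"step index {index} out of range")
    return steps[index]


def find_asserts(source):
    """What a B101-style check does: report line numbers of assert statements
    in a piece of source, via the ast module rather than text matching."""
    return [n.lineno for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Assert)]


# Probe script executed in a fresh interpreter so the -O flag can be toggled.
PROBE = textwrap.dedent("""
    class AgentWritError(Exception):
        pass
    steps = ["plan", "draft", "review"]
    def guard(index, use_assert):
        if use_assert:
            assert 0 <= index < len(steps), "out of range"
        elif not 0 <= index < len(steps):
            raise AgentWritError("out of range")
        return steps[index]
    try:
        print(guard(-1, use_assert=%r))   # -1 is invalid; it wraps to "review" if unchecked
    except (AssertionError, AgentWritError):
        print("GUARD_FIRED")
""")


def guard_fires(use_assert, flags):
    """Run the probe with the given interpreter flags (e.g. ["-O"]) and report
    whether the guard rejected the invalid index -1."""
    proc = subprocess.run(
        [sys.executable, *flags, "-c", PROBE % use_assert],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip() == "GUARD_FIRED"


if __name__ == "__main__":
    for flags in ([], ["-O"]):
        print(f"flags={flags or 'none'}: assert fires={guard_fires(True, flags)}, "
              f"raise fires={guard_fires(False, flags)}")
```

Run it directly to see the assert guard report `False` under `-O` while the explicit raise reports `True` in both modes. The same stripping happens when `PYTHONOPTIMIZE` is set in the environment, which is why an `assert` in production code is a correctness issue rather than a style nit and why a CI gate is the right place to catch it.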
devonartis merged commit 89a7e8c into develop on Apr 17, 2026
11 checks passed
devonartis deleted the fix/security-gates branch on April 17, 2026 at 20:30