Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add bandit workflow #552

Closed
amontanez24 opened this issue Apr 4, 2024 · 0 comments · Fixed by #556
Closed

Add bandit workflow #552

amontanez24 opened this issue Apr 4, 2024 · 0 comments · Fixed by #556
Assignees
@R-Palazzo
Labels
maintenance Tasks related to infrastructure & dependencies
Milestone
0.14.0

Comments

@amontanez24
Copy link
Contributor

Problem Description

As a developer, it would be useful to get a static code analysis of our library every so often so we aren't accidently introducing known vulnerabilities.

Expected behavior

  • Add a Github Actions workflow that runs when a release is made. This action should
    • Run Bandit
    • Store the output as a file at the base level of the repo
  • Make sure the file doesn't get included when creating the package for SDMetrics

Additional context

  • See this PR for inspiration
    Bandit is an open sourced tool that can be used to scan python code for vulnerabilities.
@amontanez24 amontanez24 added the maintenance Tasks related to infrastructure & dependencies label Apr 4, 2024
@R-Palazzo R-Palazzo mentioned this issue Apr 8, 2024
Merged
@amontanez24 amontanez24 added this to the 0.14.0 milestone Apr 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@R-Palazzo R-Palazzo

Labels
maintenance Tasks related to infrastructure & dependencies
Projects
None yet
Milestone
0.14.0
Development

Successfully merging a pull request may close this issue.

Add bandit workflow sdv-dev/SDMetrics
2 participants
@amontanez24 @R-Palazzo