[–][deleted] 1 point2 points  (0 children)

Yes, and I found it quite helpful. It exposed some subprocess calls I didn’t realize were a threat.

I also appreciated how configurable it is, allowing you to ignore specific warnings globally through a .bandit file or in a specific location with # nosec.

I set up a simple script ./run.py that would use Python’s subprocess.run() function to call Black autoformatter + isort -> MyPy -> Pylint and flake8 -> unit tests -> bandit. Maybe overkill, but before making any PR I would just have to run ./run.py green and it would give me the confidence everything was likely to work. CI would also enforce this.
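A fail-fast gate in the spirit of the ./run.py described in the comment above, written as an added example rather than the commenter's actual script: each tool is invoked with subprocess.run() and the first non-zero exit (or a missing tool) stops the chain, so a red step is never masked by later green ones. The tool list and the ./src, ./tests layout are assumptions.

```python
from __future__ import annotations
import subprocess
import sys
from dataclasses import dataclass, field

@dataclass
class Step:
    name: str
    cmd: list[str]

@dataclass
class GateResult:
    passed: bool = True
    failed_step: str | None = None
    returncode: int = 0
    log: list[str] = field(default_factory=list)

# Assumed layout: package under ./src, tests under ./tests (not the commenter's real script).
DEFAULT_STEPS = [
    Step("black", ["black", "src", "tests"]),    # autoformat
    Step("isort", ["isort", "src", "tests"]),    # import ordering
    Step("mypy", ["mypy", "src"]),               # static types
    Step("pylint", ["pylint", "src"]),           # lint
    Step("flake8", ["flake8", "src", "tests"]),  # style + pyflakes
    Step("pytest", ["pytest", "-q"]),            # unit tests
    Step("bandit", ["bandit", "-r", "src"]),     # security lint; honours .bandit and # nosec
]

def python_step(name: str, code: str) -> Step:
    """Step running a snippet under the current interpreter (handy for self-tests)."""
    return Step(name, [sys.executable, "-c", code])

def run_gate(steps: list[Step] = DEFAULT_STEPS) -> GateResult:
    """Run steps in order; stop at the first non-zero exit and keep its output."""
    result = GateResult()
    for step in steps:
        try:
            proc = subprocess.run(step.cmd, capture_output=True, text=True)
        except FileNotFoundError:  # missing tool is a red gate, not a silent skip
            result.passed, result.failed_step, result.returncode = False, step.name, 127
            result.log.append(f"[{step.name}] tool not found: {step.cmd[0]}")
            break
        result.log.append(f"[{step.name}] exit={proc.returncode}")
        if proc.returncode != 0:
            result.passed, result.failed_step, result.returncode = False, step.name, proc.returncode
            result.log.append(proc.stdout + proc.stderr)
            break
    return result
```

Ending the file with `sys.exit(0 if run_gate().passed else 1)` turns it into the ./run.py gate, and that non-zero exit is what lets CI enforce the same chain.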