Add bandit security check CI/CD job #103

@VigneshVSV

Description

Bandit is a tool that analyses code for security flaws in python. We should note down if we override any vulnerabilities (meaning, those that pretend to be vulnerabilities, not real ones) and let the users know:

  • what was overridden
  • why
  • where

Ideally, this should be an empty list, but I guess it will not be.

Steps to integrate:

  • create a CI/CD job that will include bandit. Edit pyproject.toml to exclude all files and folders except the source folder. Let the job be allowed to fail now, in case there are security issues at the time of working on this. The success requirement of this job per merge request can be enforced in a follow up ticket.
  • add a markdown file security.md (and a subsection - bandit) that will include the security flaws reported. A table with file name, security flaw seen, why it was overcome, a custom numerical ID or serial number for the flaw (so that it can be recognised by ID instead of line number) should be mentioned
  • bandit job should precede test job, add it in a stage called security
  • add bandit to dev dependency
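One way the security job could enforce the second step once it is no longer allowed to fail: cross-check bandit's JSON report against the override table in security.md, matching on file and bandit test ID rather than line number so documented overrides survive unrelated edits. This is an added example, not code from the issue or the project; the report and table contents are constructed samples, the column layout and `SEC-nnn` ID scheme are assumptions.

```python
"""Cross-check a bandit JSON report against the override table in security.md."""
import json
import re

# Constructed sample in the shape of `bandit -f json` output (not a real scan).
BANDIT_REPORT = json.dumps({
    "results": [
        {"filename": "src/server.py", "test_id": "B104", "issue_severity": "MEDIUM",
         "issue_text": "Possible binding to all interfaces.", "line_number": 42},
        {"filename": "src/rpc.py", "test_id": "B301", "issue_severity": "MEDIUM",
         "issue_text": "Pickle and modules that wrap it can be unsafe.", "line_number": 17},
    ]
})

# Constructed security.md "bandit" subsection with the columns the issue asks for
# (ID, file, flaw, reason); the line number is deliberately not part of the table.
SECURITY_MD = """\
## bandit

| ID | File | Flaw | Why overridden |
|----|------|------|----------------|
| SEC-001 | src/server.py | B104 | Bind address is user-configured; 0.0.0.0 is only the default |
"""

# One markdown table row: | SEC-001 | path | B104 | free text |
ROW_RE = re.compile(r"^\|\s*(SEC-\d+)\s*\|\s*(\S+)\s*\|\s*(B\d+)\s*\|\s*(.*?)\s*\|$", re.M)


def parse_overrides(markdown: str) -> dict[tuple[str, str], str]:
    """Map (file, bandit test id) -> override ID from the security.md table."""
    return {(path, tid): oid for oid, path, tid, _why in ROW_RE.findall(markdown)}


def undocumented_findings(report_json: str, markdown: str) -> list[dict]:
    """Findings in the bandit report that have no row in security.md."""
    overrides = parse_overrides(markdown)
    results = json.loads(report_json)["results"]
    return [r for r in results if (r["filename"], r["test_id"]) not in overrides]


def stale_overrides(report_json: str, markdown: str) -> list[str]:
    """Override IDs whose finding bandit no longer reports (table needs pruning)."""
    reported = {(r["filename"], r["test_id"]) for r in json.loads(report_json)["results"]}
    return sorted(oid for key, oid in parse_overrides(markdown).items() if key not in reported)


if __name__ == "__main__":
    missing = undocumented_findings(BANDIT_REPORT, SECURITY_MD)
    for r in missing:
        print(f'{r["filename"]}:{r["line_number"]} {r["test_id"]} {r["issue_severity"]}: {r["issue_text"]}')
    for oid in stale_overrides(BANDIT_REPORT, SECURITY_MD):
        print(f"{oid}: documented override no longer reported by bandit")
    raise SystemExit(1 if missing else 0)
```

In the CI job this would run after `bandit -f json -o bandit.json -r <source folder>` with the report read from that file; a non-zero exit then marks the merge request as failing once the allow-failure setting is removed.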

Metadata

Labels: beginner, good first issue
Status: Ready
Assignees: No one assigned