Investigate utility of Bandit for security static analysis of packages #83

Open

@tim-schilling

Seth Larson, PSF security developer in residence, recommended that we look into using Bandit, a tool to find common security issues in Python code.

I think there are a few directions we could take this:

  1. Define a pattern/playbook for maintainers to use in their own project on a periodic basis
  2. Define a pattern/playbook for Django Commons security team to evaluate the ecosystem on a periodic basis

I think this could also be recorded and uploaded to our YouTube account.
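As an added example (not from the issue, and not Django Commons tooling): a small triage script for the JSON report Bandit writes with `-f json`, which a periodic playbook could use to gate on severity and confidence thresholds while still counting lower-value findings. The sample report, the thresholds and the helper names are constructed for this example.

```python
import json
from collections import Counter

# Bandit severity/confidence levels, ordered for threshold comparison.
LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample shaped like Bandit's `-f json` output; not a real scan.
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "results": [
        {"test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "pkg/runner.py", "line_number": 42,
         "issue_text": "subprocess call with shell=True identified, security issue."},
        {"test_id": "B101", "test_name": "assert_used",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "filename": "pkg/utils.py", "line_number": 7,
         "issue_text": "Use of assert detected."},
    ],
})


def triage(report_json, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Return (blocking_findings, counts_by_test_id) for one Bandit report.

    Findings below either threshold are counted but not blocking, so a periodic
    run can track low-value noise without failing on it.
    """
    report = json.loads(report_json)
    counts = Counter(r["test_id"] for r in report["results"])
    blocking = [
        r for r in report["results"]
        if LEVELS[r["issue_severity"]] >= LEVELS[min_severity]
        and LEVELS[r["issue_confidence"]] >= LEVELS[min_confidence]
    ]
    return blocking, counts


def format_finding(r):
    """One-line summary suitable for an issue tracker or a review log."""
    return (f"{r['test_id']} {r['issue_severity']}/{r['issue_confidence']} "
            f"{r['filename']}:{r['line_number']} {r['issue_text']}")


if __name__ == "__main__":
    blocking, counts = triage(SAMPLE_REPORT)
    print("findings by test:", dict(counts))
    for r in blocking:
        print(format_finding(r))
    raise SystemExit(1 if blocking else 0)  # non-zero exit fails a scheduled job
```

To run it against a real project, replace `SAMPLE_REPORT` with the contents of the file produced by `bandit -r <package> -f json -o report.json`.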

Labels: question (Further information is requested), security (Issues related to security, not specifically security incidents)