Mateus Oliveira edited this page Sep 7, 2022 · 3 revisions

Security vulnerability scanners help ensure that the code is safe to run in a production environment.

The template checks security in three ways:

  • Bandit: scans the project's Python code and reports insecure patterns (for example, string-built SQL queries or shell commands).
  • Safety: scans the Python dependencies and reports packages with known vulnerabilities.
  • Snyk: scans the Docker image and reports vulnerable OS packages and layers. To run it, run ./scripts/docky.py scan.

These scanners alone do not make the code secure: they only catch known patterns and known vulnerable versions. Testing that the code resists SQL injection and that exceptions are handled correctly are other ways to increase the project's security.
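The following is an added example, not code from the template: it shows the kind of query construction Bandit reports (test B608, "Possible SQL injection vector through string-based query construction") next to the parameterized form, and a small probe of the sort a SQL-injection test would use. The users table, its two rows, and the function names are constructed for the example; it runs offline against an in-memory SQLite database.

```python
"""Added example (not the template's own code): a Bandit B608 finding next to
its fix, plus a probe that tests a lookup function for SQL injection.
The table and rows below are constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a two-row users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable: the caller-supplied value is spliced into the SQL text.
    # `bandit -r .` reports this line as B608 (hardcoded_sql_expressions).
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: the value travels as a bound parameter and is never parsed
    # as SQL, so quotes or keywords in it cannot change the query.
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Classic tautology payload: turns "WHERE name = '...'" into a query that
# matches every row when the value is concatenated into the SQL text.
INJECTION = "' OR '1'='1"


def resists_injection(conn: sqlite3.Connection, lookup) -> bool:
    """Probe a lookup function the way a SQL-injection test would.

    Returns False if the tautology payload widens the result set, or if a
    legitimate value containing a quote breaks the query.
    """
    try:
        if lookup(conn, INJECTION):  # must not return rows for a bogus name
            return False
        lookup(conn, "O'Brien")  # a quote inside data must not be a syntax error
    except sqlite3.Error:
        return False
    return True


if __name__ == "__main__":
    db = make_db()
    print("unsafe rows for payload:", find_user_unsafe(db, INJECTION))
    print("safe rows for payload:  ", find_user_safe(db, INJECTION))
    print("unsafe resists injection:", resists_injection(db, find_user_unsafe))
    print("safe resists injection:  ", resists_injection(db, find_user_safe))
```

Bandit only flags the string-built query; it does not know whether `name` is attacker-controlled, so a finding is a place to look, not proof of exploitability. The probe above is what closes that gap: it runs the payload and checks the behaviour, which is the "testing for protection against SQL injection" the text refers to.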

Running

The command dev scan --code (an alias to bandit --exclude ./tests,./.venv --recursive .) will check the project's Python code for security vulnerabilities. Note that the ./tests directory is excluded, so test code is not scanned; Bandit exits with a non-zero status when it finds issues, which makes the command usable as a CI gate.

The command dev scan --dependencies (an alias to safety check --full-report --file requirements/prod.txt && safety check --full-report --file requirements/dev.txt) will check the project's Python dependencies for security vulnerabilities. Because the two checks are joined with &&, the development requirements are only checked after the production requirements pass; Safety also exits with a non-zero status when it finds a vulnerable package.
