
adding bandit tool #1068

Conversation

rajithkrishnegowda
Collaborator

@rajithkrishnegowda rajithkrishnegowda commented Sep 26, 2024

To enhance the security posture of our software development lifecycle, we are introducing Bandit, a popular security analysis tool specifically designed for Python applications.

Key Reasons for Adding Bandit:

  1. Static Analysis for Security Vulnerabilities
  2. Early Detection
  3. Compliance and Best Practices
  4. Automated Security Audits

Results
https://github.com/securefederatedai/openfl/actions/runs/11049131910

bandit-results.zip

@MasterSkepticista
Collaborator

Where will the scan results persist?

@rajithkrishnegowda
Collaborator Author

Where will the scan results persist?

After the Bandit scan runs successfully, the results are uploaded as an artifact of the GitHub Actions workflow as a bandit-results.json file. You can access them by following these steps:

  1. Navigate to the Actions Tab: Go to the "Actions" tab of your GitHub repository.
  2. Select the Latest Workflow Run: Click on the specific run for your Bandit workflow.
  3. Download Artifacts: At the bottom of the workflow run details, you will find an "Artifacts" section. The Bandit results will be listed there as bandit-results. You can download the bandit-results.zip file from this section, which contains the JSON file.
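A minimal GitHub Actions workflow that yields the artifact layout described above, added here as an illustration; it is not the workflow from this PR, which the page does not show. The job name, the Python version, the `develop` branch, the `openfl` scan directory and the `if: always()` guard are assumptions.

```yaml
# Illustrative workflow (not the PR's own): run Bandit and persist the JSON
# report as a run artifact named bandit-results.
name: Bandit scan

on:
  pull_request:
  push:
    branches: [develop]   # assumed default branch

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"   # assumed

      - name: Install Bandit
        run: python -m pip install --upgrade pip bandit

      # -r recurses into the package, -f json selects machine-readable output,
      # -o writes it to the file that becomes the artifact. Bandit exits
      # non-zero when it reports findings, so the upload step must not depend
      # on this step succeeding.
      - name: Run Bandit
        run: bandit -r openfl -f json -o bandit-results.json   # target dir assumed

      # if: always() uploads the report even when the scan step failed on
      # findings; without it, the runs with results are exactly the ones
      # whose report is never persisted.
      - name: Upload results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: bandit-results
          path: bandit-results.json
```

The artifact shows up under the run's "Artifacts" section as bandit-results and downloads as bandit-results.zip containing bandit-results.json. Two caveats a reviewer should keep in mind: artifacts are scoped to a single run and expire under the repository's retention setting (90 days by default), so they are a place to inspect a scan, not a long-term record; and a scan that passes only because the upload step is guarded does not block a merge unless the Bandit step itself is required to succeed, with `--severity-level` or `--confidence-level` tuned to the findings the project is willing to fail on.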

@MasterSkepticista
Collaborator

MasterSkepticista commented Sep 26, 2024

GaNDLF test is failing on all new PRs. I suspect broken requirements.

@rajithkrishnegowda
Collaborator Author

Bandit tool is not approved by Intel, hence closing this PR.
