There might be some value in building this out over just using semgrep's gitlab-bandit rule set.
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | sbassett | T289290 Design and Build Application Security Pipeline Components for Gitlab | |||
| Resolved | brennen | T289292 Create Security Team group within gitlab.wikimedia.org | |||
| Resolved | sbassett | T289293 Create initial proof of concept application security pipeline repository | |||
| Resolved | sbassett | T301833 Create python bandit ci template |
Event Timeline
Comment Actions
There's a bit of redundancy between this task and just using semgrep's gitlab-bandit policy. But it's likely still worthwhile building out this particular template as there do appear to be differences in coverage and performance, according to this r2c blog post.
Comment Actions
This should be done for now. Here's the current template, still on a development branch (will be merged back to master and production branches at some point). This is a very simple implementation for now. Default options are reporting medium-level errors and higher (-ll) and a recursive scan (-r).