CI: Add Bandit security check to lint workflow
- Integrate Bandit to scan for security issues in the codebase.
- Configure Bandit to fail the workflow if any high-severity issues are found.

e.g.:
```bash
>> Issue: [B605:start_process_with_a_shell] Starting a process with a shell, possible injection detected, security issue.
   Severity: High   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.7.9/plugins/b605_start_process_with_a_shell.html
   Location: ./binaries/build.py:52:30
51          if not args.dry_run:
52              build_exit_code = os.system(cur_wheel_cmd)
53      # If any one of the steps fail, exit with error
```

Fixes: #3311
Signed-off-by: ChengyuZhu6 <[email protected]>
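The severity gate described in the commit message can also be expressed over Bandit's JSON report (`bandit -f json`). This is an added example, not code from this commit or the project: the helper names `blocking_findings` and `gate` are hypothetical, and the sample report, including the second finding and its path, is constructed.

```python
import json

# Constructed sample of a Bandit JSON report. The first entry mirrors the B605
# finding quoted in the commit message; the second entry and its path are made up.
SAMPLE_REPORT = json.dumps({
    "results": [
        {"test_id": "B605", "test_name": "start_process_with_a_shell",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "./binaries/build.py", "line_number": 52,
         "issue_text": "Starting a process with a shell, possible injection "
                       "detected, security issue."},
        {"test_id": "B101", "test_name": "assert_used",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "filename": "./example/test_sample.py", "line_number": 10,
         "issue_text": "Use of assert detected."},
    ]
})

LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def blocking_findings(report_text, min_severity="HIGH"):
    """Return findings at or above min_severity.

    A missing or unrecognised severity is ranked as HIGH so the gate fails closed.
    """
    threshold = LEVELS[min_severity]
    report = json.loads(report_text)
    blocked = []
    for item in report.get("results", []):
        rank = LEVELS.get(str(item.get("issue_severity", "")).upper(), LEVELS["HIGH"])
        if rank >= threshold:
            blocked.append(item)
    return blocked


def gate(report_text, min_severity="HIGH"):
    """Print each blocking finding and return the exit code for the CI step."""
    findings = blocking_findings(report_text, min_severity)
    for f in findings:
        print(f"{f.get('filename', '?')}:{f.get('line_number', '?')}: "
              f"[{f.get('test_id', '?')}:{f.get('test_name', '?')}] "
              f"{f.get('issue_severity', 'UNKNOWN')} - {f.get('issue_text', '')}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```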