ci: Bandit updates #175

Merged
2 commits merged on Sep 16, 2024

@edwarddavidbaker commented May 7, 2024

Bandit is flagging eval() as a possible issue [1]. In this instance, usage is
already ignored for pylint.

[1] https://github.com/intel/perfmon/security/code-scanning/7

@edwarddavidbaker force-pushed the bandit-updates branch 2 times, most recently from 4200b34 to 2fa793b (September 16, 2024 16:23)

Automated scanning is recommending pinning requirements.txt packages
to a specific version [1].

[1] https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies

@edwarddavidbaker (Contributor, Author) commented

Confirmed requirements.txt changes with Ryan Ware.

@edwarddavidbaker merged commit d2d1313 into intel:main Sep 16, 2024
4 checks passed
@edwarddavidbaker deleted the bandit-updates branch September 16, 2024 20:07