Static Code analysis and Security Scanning tools for Django Web Applications


Ram
Jul 6, 2022, 1:17:14 AM
to django...@googlegroups.com
Hi,

We have tried Prospector tool: https://prospector.landscape.io/en/master/

and got the following result


Check Information
=================
         Started: 2022-07-05 20:29:59.548372
        Finished: 2022-07-05 20:38:58.411776
      Time Taken: 538.86 seconds
       Formatter: grouped
        Profiles: default, no_doc_warnings, no_test_warnings, strictness_medium, strictness_high, strictness_veryhigh, no_member_warnings
      Strictness: None
  Libraries Used: django, celery
       Tools Run: dodgy, mccabe, profile-validator, pycodestyle, pyflakes, pylint
  Messages Found: 17186

but we are wondering if you guys use any other, better tools than this. Our goal is to find gaps and errors in the following areas:

1. Security scanning
2. Static code analysis
3. Vulnerabilities scanning

Best regards,
~Ram




Christian Ledermann
Jul 8, 2022, 11:27:43 AM
to django...@googlegroups.com
I'd recommend bugbear and bandit, but AFAIK they are already in Prospector.



--
Best Regards,

Christian Ledermann

Galway, IE
Mobile : +353 (0) 899748838

https://www.linkedin.com/in/christianledermann
https://github.com/cleder/


<*)))>{

If you save the living environment, the biodiversity that we have left,
you will also automatically save the physical environment, too. But If
you only save the physical environment, you will ultimately lose both.

1) Don’t drive species to extinction

2) Don’t destroy a habitat that species rely on.

3) Don’t change the climate in ways that will result in the above.

}<(((*>

Ram
Jul 10, 2022, 11:47:31 AM
to django...@googlegroups.com
Hello Christian,

Thank you for your suggestion. I see Bandit in the supported tools in Prospector: https://prospector.landscape.io/en/master/supported_tools.html, but I am not finding bugbear. We will try to add Bandit and see.

Best regards,
~Ram

Paul Tiplady
Jul 13, 2022, 2:21:44 PM
to Django users
I also use safety to scan for package vulnerabilities in the pipeline. This is similar to a repo-scanning app like Dependabot or Snyk.

Prospector is decent, although I found it preferable to use pre-commit to wire up individual tools like bandit, black, ./manage.py check, safety, flake8 -- that way I can run them as individual build jobs that run in parallel in the build pipeline, rather than one command invocation.
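The setup Paul describes, as an added example that is not from this thread: a pre-commit configuration wiring up bandit, black, flake8 with flake8-bugbear, `manage.py check` and safety as separate hooks, so that a CI pipeline can run each one as its own job with `pre-commit run <hook-id> --all-files`. The repository URLs and hook ids follow the projects' published hook definitions; the `rev` tags and dependency pins are assumed and should be re-pinned to the releases you use, and `--deploy` on the Django check goes beyond the plain `check` Paul mentions by also running Django's production-security checks.

```yaml
# .pre-commit-config.yaml (added example, not from the thread)
# In CI, run each hook as a separate, parallel job:
#   pre-commit run bandit --all-files
#   pre-commit run flake8 --all-files
#   ...
repos:
  # Security linting of the source (raw SQL built from strings,
  # hard-coded secrets, insecure settings such as DEBUG=True).
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4                      # assumed tag; re-pin to your release
    hooks:
      - id: bandit
        args: ["-c", "pyproject.toml"]          # skips/excludes live in [tool.bandit]
        additional_dependencies: ["bandit[toml]"]

  # Formatting.
  - repo: https://github.com/psf/black
    rev: 22.6.0                     # assumed tag
    hooks:
      - id: black

  # Static analysis; flake8-bugbear provides the "bugbear" checks.
  - repo: https://github.com/PyCQA/flake8
    rev: 4.0.1                      # assumed tag
    hooks:
      - id: flake8
        additional_dependencies: ["flake8-bugbear==22.7.1"]   # assumed pin

  - repo: local
    hooks:
      # Django's own system checks; --deploy adds the production-security
      # checks (SECURE_*, CSRF/session cookie flags, SECRET_KEY strength).
      # language: system assumes the project virtualenv is active.
      - id: django-check
        name: django check --deploy
        entry: python manage.py check --deploy
        language: system
        pass_filenames: false
        always_run: true
      # Known-vulnerable dependency versions, read from the pinned
      # requirements file (the check safety/Dependabot/Snyk perform).
      - id: safety
        name: safety check
        entry: safety check --full-report -r requirements.txt
        language: python
        additional_dependencies: ["safety"]
        files: ^requirements.*\.txt$
        pass_filenames: false
```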
