Cleaned up automated security checks

Benjamin Winger requested to merge bmwinger/portmod:security-checks into master

GitLab's security dashboard is nice in theory, but for us it's mostly full of false positives with no clear way to configure it (it uses a custom scanner called semgrep, which mostly seems to re-implement bandit checks).

So instead I've added bandit (with configuration to ignore irrelevant warnings) and cargo-audit to CI, and removed the GitLab SAST scanning.

I also updated requirements.txt, as it's out of date and never really used, and GitLab's dependency scanning tool doesn't seem to work with setup.py (though I think it's supposed to).

Edited by Benjamin Winger
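As an added illustration of the approach described in the merge request (this is not the MR's own CI configuration or the portmod project's code), the following `.gitlab-ci.yml` fragment runs bandit and cargo-audit as two CI jobs. The package directory `portmod`, the presence of a `Cargo.lock` at the repository root, the Docker images, and the particular bandit check IDs skipped as noise (B101 assert_used, B404 import_subprocess, B603 subprocess_without_shell_equals_true) are all assumptions chosen for the example, not taken from the merge request.

```yaml
# Added example, not the merge request's own pipeline: one bandit job for the
# Python code and one cargo-audit job for the Rust dependencies.
stages:
  - security

bandit:
  stage: security
  image: python:3.11          # assumed image
  script:
    - pip install --quiet bandit
    # -r recurses into the package (directory name is an assumption),
    # -ll fails only on medium severity and above,
    # --skip silences checks judged to be noise for this code base
    # (IDs here are assumed examples, not the MR's actual skip list),
    # --exclude keeps test fixtures out of the scan.
    - bandit -r portmod -ll --skip B101,B404,B603 --exclude ./portmod/tests
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

cargo-audit:
  stage: security
  image: rust:latest          # assumed image
  script:
    - cargo install cargo-audit --locked
    # Checks Cargo.lock against the RustSec advisory database and exits
    # non-zero when any dependency has a known advisory.
    - cargo audit
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

Both jobs fail the pipeline on findings, which is the property the GitLab security dashboard did not give here: a false positive has to be explicitly added to the `--skip` list (or, for Rust, to an `[advisories] ignore` entry in `.cargo/audit.toml`) rather than silently accumulating in a dashboard nobody triages. Keeping the skip list in the job command, or in a `[tool.bandit]` table passed via `bandit -c pyproject.toml`, means every suppression is reviewed in the same merge request as the code it suppresses.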
