Cleaned up automated security checks
GitLab's security dashboard is nice in theory, but for us it's mostly full of false positives with no clear way to configure it (it uses a custom scanner called semgrep, which mostly seems to re-implement bandit checks).
So instead I've added bandit (with configuration to ignore irrelevant warnings) and cargo-audit to CI, and removed the GitLab SAST scanning.
I also updated requirements.txt, as it's out of date and never really used, and GitLab's dependency scanning tool doesn't seem to work with setup.py (though I think it's supposed to).
Edited by Benjamin Winger
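The kind of CI configuration the description above refers to, as an added illustration that is not the merge request's own change or this project's real `.gitlab-ci.yml`: a bandit job with skipped checks and a cargo-audit job, with the GitLab SAST template no longer included. The `src` path, the skipped test IDs (B101 `assert_used`, B311 non-cryptographic `random`), the stage name and the images are assumptions chosen for the example.

```yaml
# Added illustration, not the project's real pipeline. Paths, the
# skipped bandit test IDs and the stage/image names are assumptions.

stages:
  - security

# The GitLab SAST job came from a template include; removing the
# scanner means this file simply no longer carries the line:
#   include:
#     - template: Security/SAST.gitlab-ci.yml

bandit:
  stage: security
  image: python:3.11
  script:
    - pip install bandit
    # -r: recurse into the tree; -s: skip the listed test IDs
    # (B101 assert_used, B311 random); -ll: report only findings of
    # medium severity or higher. A non-zero exit fails the job.
    - bandit -r src -s B101,B311 -ll

cargo-audit:
  stage: security
  image: rust:latest
  script:
    - cargo install cargo-audit --locked
    # Checks Cargo.lock against the RustSec advisory database and
    # exits non-zero on any unaddressed advisory, failing the job.
    - cargo audit
```

The skip list is the "configuration to ignore irrelevant warnings" part: each `-s` ID suppresses one bandit test everywhere, which is coarser than a `# nosec` comment on a single line but keeps the suppressions visible in one place in CI. The same IDs can instead live in a bandit config file passed with `-c` if the list grows.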