mypy does static analysis, and bandit does security auditing (of known vulnerabilities, and some suspect coding patterns). Both of these are currently showing some errors, which should be addressed, and some warnings, which could be addressed.
Codecov Report
@@ Coverage Diff @@
##             dev     #151   +/-   ##
=======================================
  Coverage   52.16%   52.16%
=======================================
  Files          15       15
  Lines        1342     1342
  Branches      137      137
=======================================
  Hits          700      700
  Misses        627      627
  Partials       15       15
The most pressing issue raised by this is available at https://travis-ci.org/ikalchev/HAP-python/jobs/426333586#L551. My understanding is that we should be using a different crypto package.
Thanks! I will review this and the raised issues and will open a PR to track them later this evening. Awesome addition!
I went to PyConAU a couple of weeks ago, and there was a great talk about using Bandit, and another package (Safety): https://2018.pycon-au.org/talks/43518-watch-out-for-safety-bandits/ It's well worth watching.
I would definitely like these checks added. However, can we remove them from Travis until we address the issues, as otherwise the builds will fail? What do you think?
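One way to keep mypy and bandit running on every push without letting their current findings break the build is to put them in a separate Travis job that is allowed to fail. This is an added example, not the project's actual .travis.yml; the Python version, the `STATIC_CHECKS` marker variable and the `pyhap` package path are assumptions.

```yaml
language: python
python:
  - "3.6"          # assumed; match the project's supported versions
install:
  - pip install -r requirements.txt
  - pip install mypy bandit
script:
  # The regular test suite still gates the merge.
  - pytest
matrix:
  include:
    # Dedicated job for the static checks. STATIC_CHECKS is only a marker
    # so that allow_failures below can single this job out.
    - python: "3.6"
      env: STATIC_CHECKS=1
      script:
        - mypy pyhap                 # type errors are reported in the job log
        - bandit -r pyhap            # security findings are reported in the job log
  allow_failures:
    # Red static-check job, green PR status: findings stay visible while
    # they are being worked through, and the entry is dropped once they are fixed.
    - env: STATIC_CHECKS=1
```

Once the reported errors are addressed, removing the `allow_failures` entry turns the job back into a hard gate.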
I'm hoping that Travis, or whatever is running the tests, will pick this up, but I may need to do more.