bandit-sast CI stage is deprecated by Gitlab
https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#sast-analyzers
bandit (Bandit); End of Support in GitLab 15.4. Replaced by the semgrep analyzer with GitLab-managed rules.
Also I don't think it worked. For example, it should highlight the usage of mark_safe and exec, but it happily passes them through.
It can be replaced by a Debian-based bandit analyser (just like the other CI analysers).
However, there are a lot of issues that should be fixed before adding it.
This is the scan result against master:
Code scanned:
    Total lines of code: 83316
    Total lines skipped (#nosec): 1087

Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 760
        Medium: 31
        High: 2
    Total issues (by confidence):
        Undefined: 0
        Low: 3
        Medium: 28
        High: 762
Files skipped (0):
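A Debian-based replacement job, added here as an example that is not from this issue or from GitLab's own analyzer templates. The stage name, the excluded path and the gating thresholds are assumptions; it keeps the full report visible while failing the job only on the Medium/High findings counted above.

```yaml
# Added example (not GitLab's template): run bandit from Debian's python3-bandit
# package as a plain CI job. Stage name, excluded path and thresholds are assumed.
bandit-sast:
  stage: test
  image: debian:bookworm-slim
  before_script:
    - apt-get update
    - apt-get install -y --no-install-recommends python3-bandit
  script:
    # Full report of every finding (including the ~760 Low ones) as a job artifact;
    # --exit-zero keeps this step from failing so the backlog stays visible while
    # it is worked down.
    - bandit -r . -x ./tests -f txt -o bandit-full-report.txt --exit-zero
    # Gate the pipeline on severity >= Medium (-ll) and confidence >= Medium (-ii),
    # i.e. the 31 Medium and 2 High findings by severity, minus any reported with
    # Low confidence. This step fails the job when such findings exist.
    - bandit -r . -x ./tests -ll -ii
  artifacts:
    when: always
    paths:
      - bandit-full-report.txt
```

Once the Medium/High backlog is cleared, the thresholds on the gating step can be tightened to `-l -i` to fail on Low findings as well.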