lava / lava · Issues · #584
Closed
Created Jan 16, 2023 by Igor Ponomarev (@igo95862), Contributor

bandit-sast CI stage is deprecated by GitLab

https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#sast-analyzers

bandit (Bandit); End of Support in GitLab 15.4. Replaced by the semgrep analyzer with GitLab-managed rules.

Also, I don't think it worked. For example, it should highlight the usage of mark_safe and exec, but it happily passes it through.

It can be replaced by a Debian-based bandit analyser (just like the other CI analysers).

However, there are a lot of issues that should be fixed before adding it.

This is the scan result against master:

Code scanned:
	Total lines of code: 83316
	Total lines skipped (#nosec): 1087

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 760
		Medium: 31
		High: 2
	Total issues (by confidence):
		Undefined: 0
		Low: 3
		Medium: 28
		High: 762
Files skipped (0):
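As an added example (not code from the LAVA project or from bandit itself), the following minimal AST-based scanner shows the kind of check the post above expects a working bandit stage to perform: it flags `exec(...)` calls and Django's `mark_safe(...)` calls, the two constructs the post says slipped through. The test IDs B102 and B308 are bandit's own names for these checks; the rule logic, messages, severity ratings and the `SAMPLE_SOURCE` input are simplified stand-ins constructed for this example, and `ci_gate` is a hypothetical pipeline gate, not a bandit API.

```python
"""Minimal stand-in for bandit's B102 (exec_used) and B308 (mark_safe) checks.

Added example: a walk over the Python AST that reports calls to exec() and to
mark_safe(), whether imported directly or reached through a module attribute.
The rule logic and messages are simplified, not bandit's own code.
"""
import ast
from dataclasses import dataclass

# Constructed sample input (not taken from the LAVA code base): the kinds of
# lines a scan should flag, plus one harmless function as a control.
SAMPLE_SOURCE = '''
from django.utils.safestring import mark_safe
from django.utils import safestring

def render(user_input):
    # B308-style: user-controlled text bypasses template autoescaping
    return mark_safe("<b>" + user_input + "</b>")

def other(s):
    return safestring.mark_safe(s)

def run(code):
    # B102-style: dynamic code execution
    exec(code)

def fine():
    return "nothing to see"
'''


@dataclass(frozen=True)
class Finding:
    test_id: str
    severity: str
    lineno: int
    message: str


def _call_name(node: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'mark_safe' or 'safestring.mark_safe'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        parts = [func.attr]
        value = func.value
        while isinstance(value, ast.Attribute):
            parts.append(value.attr)
            value = value.value
        if isinstance(value, ast.Name):
            parts.append(value.id)
        return ".".join(reversed(parts))
    return ""  # calls on arbitrary expressions are out of scope for this stand-in


def scan_source(source: str) -> list[Finding]:
    """Return findings sorted by line number. Only call sites are considered,
    so the string literal 'mark_safe' or a bare name reference is not reported."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name == "exec":
            # bandit rates B102 MEDIUM severity
            findings.append(Finding("B102", "MEDIUM", node.lineno,
                                    "Use of exec detected."))
        elif name == "mark_safe" or name.endswith(".mark_safe"):
            # bandit rates B308 MEDIUM severity
            findings.append(Finding("B308", "MEDIUM", node.lineno,
                                    "Use of mark_safe() may expose cross-site scripting."))
    return sorted(findings, key=lambda f: f.lineno)


def ci_gate(source: str, fail_on=("MEDIUM", "HIGH")) -> int:
    """Hypothetical pipeline gate: exit status 1 if any finding is at or above
    the threshold, 0 otherwise (the same idea as running bandit with -ll)."""
    return 1 if any(f.severity in fail_on for f in scan_source(source)) else 0


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"{f.test_id} [{f.severity}] line {f.lineno}: {f.message}")
    raise SystemExit(ci_gate(SAMPLE_SOURCE))
```

Run against `SAMPLE_SOURCE` the scanner reports two B308 findings (lines 7 and 10) and one B102 finding (line 14), and `ci_gate` returns 1, which is the behaviour a CI stage needs so that a pipeline actually fails on these constructs rather than "happily passing" them. A real replacement stage would run bandit itself (for example `bandit -r . -ll` to report medium severity and above) inside the Debian-based image; this block only illustrates what such a check looks for.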