bandit-sast CI stage is deprecated by Gitlab (#584) · Issues · lava / lava

bandit-sast CI stage is deprecated by Gitlab

https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#sast-analyzers

bandit (Bandit); End of Support in GitLab 15.4. Replaced by the semgrep analyzer with GitLab-managed rules.

Also I don't think it worked. For example, it should highlight the usage of mark_safe and exec but it happily passes it though.

It can be replaced by a Debian based bandit analyser. (just like other CI analysers)

However, there are a lot of issues that should be fixed before adding it.

This is the scan result against master:

Code scanned:
	Total lines of code: 83316
	Total lines skipped (#nosec): 1087

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 760
		Medium: 31
		High: 2
	Total issues (by confidence):
		Undefined: 0
		Low: 3
		Medium: 28
		High: 762
Files skipped (0):

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information