I also use safety <https://pypi.org/project/safety/> to scan for package vulnerabilities in the pipeline. This is similar to a repo-scanning app like Dependabot or Snyk.
Prospector is decent, although I found it preferable to use pre-commit <https://pre-commit.com/> to wire up individual tools like bandit, black, ./manage.py check, safety, flake8 -- that way I can run them as individual build jobs that run in parallel in the build pipeline, rather than one command invocation.

On Tuesday, July 5, 2022 at 10:17:14 PM UTC-7 [email protected] wrote:
> Hi,
>
> We have tried the Prospector tool: https://prospector.landscape.io/en/master/
>
> and got the following result
>
>> Check Information
>> =================
>> Started: 2022-07-05 20:29:59.548372
>> Finished: 2022-07-05 20:38:58.411776
>> Time Taken: 538.86 seconds
>> Formatter: grouped
>> Profiles: default, no_doc_warnings, no_test_warnings, strictness_medium, strictness_high, strictness_veryhigh, no_member_warnings
>> Strictness: None
>> Libraries Used: django, celery
>> Tools Run: dodgy, mccabe, profile-validator, pycodestyle, pyflakes, pylint
>> Messages Found: 17186
>
> but wondering if you guys use any other better tools than this. Our goal is to find out gaps and errors from the following items:
>
> 1. Security scanning
> 2. Static code analysis
> 3. Vulnerabilities scanning
>
> Best regards,
> ~Ram
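As an added example (not code from the reply above or from the pre-commit, bandit, black, flake8, safety or Django projects), here is a `.pre-commit-config.yaml` that wires up the tools the reply names so that each one can be invoked as its own hook. The release tags are pins that were current in mid-2022 and should be bumped deliberately; the `tests` exclusion, the `requirements.txt` path and the `--deploy` flag on `manage.py check` (which turns on Django's deployment security checks) are my choices, and the two `local` hooks assume Django and safety are installed in the project's own environment.

```yaml
# .pre-commit-config.yaml (added example, not from the thread)
# Every hook has a stable id, so a CI pipeline can run
#   pre-commit run <hook-id> --all-files
# as a separate job per tool and let the jobs run in parallel.
repos:
  - repo: https://github.com/psf/black
    rev: 22.6.0              # pin to a release tag; bump on purpose, not by accident
    hooks:
      - id: black

  - repo: https://github.com/PyCQA/flake8
    rev: 4.0.1
    hooks:
      - id: flake8

  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4
    hooks:
      - id: bandit
        # -ll: report medium severity and above; -x: skip the test tree
        # (assumption: tests live under ./tests and use asserts/hard-coded fixtures)
        args: ["-ll", "-x", "tests"]

  - repo: local
    hooks:
      # Django's own system checks; --deploy adds the SECURE_*/DEBUG/ALLOWED_HOSTS
      # production checks that plain `manage.py check` leaves out.
      - id: django-check
        name: django system checks (--deploy)
        entry: python manage.py check --deploy
        language: system      # uses the project's virtualenv, where Django is installed
        pass_filenames: false # the command inspects settings, not individual files
        always_run: true

      # Known-vulnerability scan of pinned dependencies with safety.
      # Assumption: dependencies are pinned in requirements.txt.
      - id: safety
        name: safety dependency scan
        entry: safety check -r requirements.txt
        language: system
        pass_filenames: false
        files: requirements.*\.txt$   # re-run whenever a requirements file changes
```

Locally, `pre-commit install` makes the hooks run on every commit; in the pipeline, `pre-commit run bandit --all-files`, `pre-commit run safety --all-files` and so on give one job per tool, while `pre-commit run --all-files` runs the whole set sequentially. Note that later safety releases (3.x) replaced the `check` subcommand with `scan`, so the `entry` line should follow whichever safety version is pinned in the project.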

