Add bandit pre-commit hook to check for security issues

2026-06-13 18:50:47 +05:30 · 2024-01-12 18:33:43 +01:00
parent be6b7a01d6
commit 063fe0015c
2 changed files with 12 additions and 3 deletions
@@ -19,7 +19,7 @@ repos:

  # python code formatting
  - repo: https://github.com/psf/black
-    rev: 23.1.0
+    rev: 23.12.1
    hooks:
      - id: black
        args: ["--config", "pyproject.toml"]
@@ -33,7 +33,7 @@ repos:

  # python check (PEP8), programming errors and code complexity
  - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
+    rev: 7.0.0
    hooks:
      - id: flake8
        args: ["--config", ".flake8"]
@@ -44,3 +44,10 @@ repos:
    hooks:
    -   id: pylint
        args: ["--rcfile", "pyproject.toml"]
+
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.6
+    hooks:
+    - id: bandit
+      args: ["-c", "pyproject.toml"]
+      additional_dependencies: ["bandit[toml]"]
@@ -75,7 +75,9 @@ exclude_dirs = ["build","dist","tests","scripts"]
 number = 4
 recursive = true
 targets = "src"
-skips = ["B101", "B311"]
+# B404 and B603 are skipped because the user can already run any arbitrary
+# command on their jupyter server
+skips = ["B101", "B311", "B404", "B603"]

 [tool.black]
 line-length = 79