I also use safety <https://pypi.org/project/safety/> to scan for package 
vulnerabilities in the pipeline. This is similar to a repo-scanning app 
like Dependabot or Snyk.

Prospector is decent, although I found it preferable to use pre-commit 
<https://pre-commit.com/> to wire up individual tools like bandit, black, 
./manage.py check, safety, flake8 -- that way I can run them as individual 
build jobs that run in parallel in the build pipeline, rather than one 
command invocation.

On Tuesday, July 5, 2022 at 10:17:14 PM UTC-7 ram.mu...@gmail.com wrote:

> Hi,
>
> We have tried Prospector tool: https://prospector.landscape.io/en/master/
>
> and got the following result
>
>
> Check Information
> =================
>          Started: 2022-07-05 20:29:59.548372
>         Finished: 2022-07-05 20:38:58.411776
>       Time Taken: 538.86 seconds
>        Formatter: grouped
>         Profiles: default, no_doc_warnings, no_test_warnings, strictness_medium, strictness_high, strictness_veryhigh, no_member_warnings
>       Strictness: None
>   Libraries Used: django, celery
>        Tools Run: dodgy, mccabe, profile-validator, pycodestyle, pyflakes, pylint
>   Messages Found: 17186
>
>
> but wondering if you guys use any other better tools than this. Our goal 
> is to find out gaps and errors in the following items:
>
> 1. Security scanning
> 2. Static code analysis
> 3. Vulnerabilities scanning
>
> Best regards,
> ~Ram
>
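A pre-commit configuration that wires up the tools named in the reply above (bandit, black, ./manage.py check, safety, flake8), added here as an illustration and not taken from the thread or from any of those projects. The `rev` tags, the local hook ids, `language: system` (the tools are assumed to be installed in the environment) and the `requirements.txt` path are assumptions.

```yaml
# .pre-commit-config.yaml (assumed location: repository root)
# The rev tags below are real release tags from mid-2022; pin whatever your
# project standardises on.
repos:
  - repo: https://github.com/psf/black
    rev: 22.6.0
    hooks:
      - id: black

  - repo: https://github.com/PyCQA/flake8
    rev: 4.0.1
    hooks:
      - id: flake8

  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.4
    hooks:
      - id: bandit
        # -ll: report medium severity and above. pre-commit still passes the
        # changed .py files as positional arguments.
        args: ["-ll"]
        exclude: ^.*/tests/

  # Checks without an upstream hook repo are declared as local hooks.
  # pass_filenames: false makes them run once per invocation rather than
  # once per changed file.
  - repo: local
    hooks:
      - id: django-check            # assumed hook id
        name: ./manage.py check
        entry: python manage.py check
        language: system
        pass_filenames: false
        always_run: true
      - id: safety                  # assumed hook id
        name: safety check
        # Scan the pinned requirements file so CI and developers see the
        # same result regardless of what is installed locally.
        entry: safety check --full-report -r requirements.txt
        language: system
        pass_filenames: false
        files: ^requirements.*\.txt$

# In the build pipeline each tool becomes its own parallel job by running a
# single hook against the whole tree, e.g.:
#   pre-commit run bandit --all-files
#   pre-commit run safety --all-files
# whereas `pre-commit run --all-files` runs every hook sequentially.
```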

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/1edee7b5-f410-4759-9316-a6705360ea78n%40googlegroups.com.
