Static Code analysis and Security Scanning tools for Django Web Applications

2022-07-05 Thread Ram
Hi, We have tried Prospector tool: https://prospector.landscape.io/en/master/ and got the following result

> Check Information
> =
> Started: 2022-07-05 20:29:59.548372
> Finished: 2022-07-05 20:38:58.411776
> Time Taken: 538.86 seconds
> Formatter: g

Re: Static Code analysis and Security Scanning tools for Django Web Applications

2022-07-08 Thread Christian Ledermann
I'd recommend bugbear and bandit, but afaik they are already in prospector

On Wed, 6 Jul 2022 at 06:16, Ram wrote:
> Hi,
>
> We have tried Prospector tool: https://prospector.landscape.io/en/master/
>
> and got the following result
>
>
> Check Information
>> =
>> Started

Re: Static Code analysis and Security Scanning tools for Django Web Applications

2022-07-10 Thread Ram
Hello Christian,

Thank you for your suggestion. I see Bandit in the supported tools in Prospector: https://prospector.landscape.io/en/master/supported_tools.html , but not finding bugbear. We will try to add Bandit and see.

Best regards,
~Ram

On Fri, Jul 8, 2022 at 9:27 AM Christian Ledermann <

Re: Static Code analysis and Security Scanning tools for Django Web Applications

2022-07-13 Thread Paul Tiplady
I also use safety to scan for package vulnerabilities in the pipeline. This is similar to a repo-scanning app like Dependabot or Snyk. Prospector is decent, although I found it preferable to use pre-commit to wire up individual tools