v0.1.3

Security Artifacts

What are these files?

Security reports for code and dependencies, produced by make security:

  • Bandit — source-level checks (bandit -r, text + JSON)
  • pip-audit — dependency CVE scan (JSON once; gated/pretty text via scripts/helper_pip_audit.py)

Makefile knobs: SECURITY_PATHS, SECURITY_IGNORE_IDS, SECURITY_STRICT, BANDIT_EXCLUDES.

Files & what they’re for

  • bandit.txt — Bandit screen output (Python security lint).

    • Good: 0 issues (or all below allowed severity).
    • How to use: Fix HIGH/MED first; use # nosec only with justification; re-run make security-bandit.
  • bandit.json — Bandit JSON report with per-issue details.

    • Good: 0 total issues; no HIGH/MED severities. Current summary: 0 issues (H:0 M:0 L:0)
    • How to use: Prioritize HIGH/MED; adjust BANDIT_EXCLUDES or inline ignores sparingly.
  • pip-audit.txt — pip-audit screen summary (dependency CVE scan; gated by helper script).

    • Good: 0 vulnerable packages.
    • How to use: Upgrade/patch; respect SECURITY_IGNORE_IDS; SECURITY_STRICT=1 gates CI.
  • pip-audit.json — pip-audit JSON report (one run; helper script gates separately).

    • Good: 0 vulnerabilities reported. Current summary: 0 vulns across 0/244 packages
    • How to use: Open fixes or pin versions; re-run after dependency changes or pip-compile.

bandit.txt

About this artifact

What it is: Bandit screen output (Python security lint). What good looks like: 0 issues (or all below allowed severity).


bandit.json

About this artifact

What it is: Bandit JSON report with per-issue details. What good looks like: 0 total issues; no HIGH/MED severities. Summary: total 0 issues — HIGH 0, MEDIUM 0, LOW 0.
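The following is an added example, not the project's Makefile target or any of its scripts: it reads a Bandit JSON report, produces the "N issues (H:x M:y L:z)" summary shown on this page, and decides whether the report passes an allowed-severity threshold (so that only HIGH/MEDIUM findings fail the gate while LOW findings are tolerated). The sample report is constructed, and the field names (a top-level results list whose entries carry issue_severity) follow Bandit's JSON output as an assumption.

```python
"""Summarise a Bandit JSON report and gate on severity.

Hypothetical example: the report below is constructed and this is not the
project's own tooling. Field names (``results`` entries with
``issue_severity``) follow Bandit's JSON format and are an assumption here.
"""
import json
from collections import Counter

# Constructed sample bandit.json with one LOW and one HIGH finding.
SAMPLE_BANDIT_JSON = json.dumps({
    "results": [
        {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "filename": "tests/test_x.py", "line_number": 12,
         "issue_text": "Use of assert detected."},
        {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "app/run.py", "line_number": 40,
         "issue_text": "subprocess call with shell=True identified."},
    ]
})

# Ordering used to compare a finding against the allowed ceiling.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def severity_counts(report_text):
    """Count findings per severity level in a Bandit JSON report."""
    report = json.loads(report_text)
    return Counter(r["issue_severity"].upper() for r in report.get("results", []))


def bandit_summary_line(report_text):
    """Render the 'N issues (H:x M:y L:z)' line used on the artifacts page."""
    counts = severity_counts(report_text)
    total = sum(counts.values())
    return (f"{total} issues (H:{counts.get('HIGH', 0)} "
            f"M:{counts.get('MEDIUM', 0)} L:{counts.get('LOW', 0)})")


def bandit_passes(report_text, max_allowed="LOW"):
    """Pass when every finding is at or below the allowed severity.

    With the default ceiling of LOW, any MEDIUM or HIGH finding fails the
    gate, matching the 'fix HIGH/MED first' guidance above.
    """
    counts = severity_counts(report_text)
    limit = SEVERITY_RANK[max_allowed.upper()]
    return all(SEVERITY_RANK[sev] <= limit for sev in counts)


def findings_above(report_text, max_allowed="LOW"):
    """List the findings that breach the ceiling, for a CI log or triage note."""
    report = json.loads(report_text)
    limit = SEVERITY_RANK[max_allowed.upper()]
    return [f"{r['filename']}:{r['line_number']} {r['test_id']} "
            f"[{r['issue_severity']}] {r['issue_text']}"
            for r in report.get("results", [])
            if SEVERITY_RANK[r["issue_severity"].upper()] > limit]


if __name__ == "__main__":
    print(bandit_summary_line(SAMPLE_BANDIT_JSON))
    for line in findings_above(SAMPLE_BANDIT_JSON):
        print("FAIL:", line)
    raise SystemExit(0 if bandit_passes(SAMPLE_BANDIT_JSON) else 1)
```

Pointing the script at a real bandit.json instead of the constructed sample only needs the file read in place of SAMPLE_BANDIT_JSON; the exit code is what a make target would check.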


pip-audit.txt

About this artifact

What it is: pip-audit screen summary (dependency CVE scan; gated by helper script). What good looks like: 0 vulnerable packages.


pip-audit.json

About this artifact

What it is: pip-audit JSON report (one run; helper script gates separately). What good looks like: 0 vulnerabilities reported. Summary: scanned 244 packages; 0 packages vulnerable; 0 total vulnerabilities. Console gating is done by scripts/helper_pip_audit.py (respects SECURITY_IGNORE_IDS and SECURITY_STRICT).
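The following is an added example of the gating step described here; it is not scripts/helper_pip_audit.py and does not reproduce that script. It reads a pip-audit JSON report, drops vulnerabilities whose id or alias appears in SECURITY_IGNORE_IDS, prints the "N vulns across V/S packages" summary used on this page, and exits non-zero only when SECURITY_STRICT=1 and unignored findings remain. The sample report and the vulnerability identifiers in it are constructed placeholders; the JSON shape (a dependencies list whose entries carry vulns with id, aliases and fix_versions) follows pip-audit's -f json output as an assumption.

```python
"""Gate a pip-audit JSON report with an ignore list and a strict flag.

Hypothetical example, not the project's helper script. The report below is
constructed and its vulnerability ids are placeholders; the field names follow
pip-audit's ``-f json`` output as an assumption.
"""
import json
import os

# Constructed sample pip-audit.json: one clean package, one with a finding.
SAMPLE_PIP_AUDIT_JSON = json.dumps({
    "dependencies": [
        {"name": "safe-lib", "version": "1.0.0", "vulns": []},
        {"name": "old-lib", "version": "2.3.0", "vulns": [
            {"id": "PYSEC-0000-EXAMPLE",          # placeholder id
             "aliases": ["CVE-0000-00000"],       # placeholder alias
             "fix_versions": ["2.3.1"],
             "description": "constructed finding for the example"},
        ]},
    ]
})


def parse_ignore_ids(value):
    """Turn a comma- or space-separated SECURITY_IGNORE_IDS value into a set."""
    return {tok.strip() for tok in value.replace(",", " ").split() if tok.strip()}


def audit_findings(report_text, ignore_ids=frozenset()):
    """Return (packages_scanned, packages_vulnerable, findings).

    A vulnerability is suppressed when its id or any of its aliases is in
    ignore_ids, so either the PYSEC id or the CVE alias can be listed.
    """
    report = json.loads(report_text)
    deps = report.get("dependencies", [])
    findings = []
    for dep in deps:
        for vuln in dep.get("vulns", []):
            ids = {vuln.get("id", "")} | set(vuln.get("aliases", []))
            if ids & set(ignore_ids):
                continue
            findings.append({
                "package": dep["name"],
                "version": dep["version"],
                "id": vuln.get("id"),
                "fix_versions": vuln.get("fix_versions", []),
            })
    vulnerable = {f["package"] for f in findings}
    return len(deps), len(vulnerable), findings


def pip_audit_summary_line(report_text, ignore_ids=frozenset()):
    """Render the 'N vulns across V/S packages' line used on the artifacts page."""
    scanned, vulnerable, findings = audit_findings(report_text, ignore_ids)
    return f"{len(findings)} vulns across {vulnerable}/{scanned} packages"


def gate_exit_code(report_text, ignore_ids=frozenset(), strict=False):
    """0 when clean or non-strict; 1 when strict and unignored findings remain."""
    _, _, findings = audit_findings(report_text, ignore_ids)
    return 1 if (findings and strict) else 0


if __name__ == "__main__":
    # Same knobs the page names; read from the environment like a make target would.
    ignore = parse_ignore_ids(os.environ.get("SECURITY_IGNORE_IDS", ""))
    strict = os.environ.get("SECURITY_STRICT", "0") == "1"
    print(pip_audit_summary_line(SAMPLE_PIP_AUDIT_JSON, ignore))
    for f in audit_findings(SAMPLE_PIP_AUDIT_JSON, ignore)[2]:
        print(f"  {f['package']} {f['version']}: {f['id']} "
              f"(fix: {', '.join(f['fix_versions']) or 'none'})")
    raise SystemExit(gate_exit_code(SAMPLE_PIP_AUDIT_JSON, ignore, strict))
```

Running it with SECURITY_STRICT=1 exits 1 because the constructed finding is unignored; adding its id or alias to SECURITY_IGNORE_IDS brings the summary to 0 vulns and the exit code to 0, which is the behaviour a CI gate should have when an accepted risk is recorded.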
