sdv-dev / Copulas

A library to model multivariate data using copulas.

Home Page:https://sdv.dev/Copulas/

Add bandit workflow

amontanez24 opened this issue · comments

Problem Description

As a developer, it would be useful to get a static code analysis of our library every so often so we aren't accidentally introducing known vulnerabilities.

Expected behavior

  • Add a Github Actions workflow that runs when a release is made. This action should
    • Run Bandit
    • Store the output as a file at the base level of the repo
  • Make sure the file doesn't get included when creating the package for Copulas

Additional context

  • See this PR for inspiration.
  • Bandit is an open-source tool that can be used to scan Python code for vulnerabilities.
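A workflow of the kind requested above, written here as an added example rather than taken from the issue or the Copulas project; the file path, the `copulas` source directory, the report file name and the branch the report is pushed to are assumptions:

```yaml
# .github/workflows/bandit.yml  (path assumed; example, not the project's own file)
name: Bandit static analysis

on:
  release:
    types: [published]   # run whenever a release is published
  workflow_dispatch:     # also allow a manual run from the Actions tab

permissions:
  contents: write        # required to commit the report back to the repo

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # A release event checks out the tag (detached HEAD); check out the
          # default branch instead so the report can be committed and pushed.
          ref: ${{ github.event.repository.default_branch }}

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install Bandit
        run: python -m pip install --upgrade pip bandit

      - name: Run Bandit over the package
        # -r recurses into the source tree ("copulas" is assumed to be the package dir),
        # -f/-o write a text report at the repo root, --exit-zero keeps the job green
        # so the report is always produced; drop it to fail the job on findings.
        run: bandit -r copulas -f txt -o bandit_report.txt --exit-zero

      - name: Commit the report to the repository root
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add bandit_report.txt
          git commit -m "Add Bandit report for ${{ github.event.release.tag_name }}" \
            || echo "Report unchanged, nothing to commit"
          git push origin HEAD:${{ github.event.repository.default_branch }}
```

To keep the report out of the distributed package, add `exclude bandit_report.txt` to MANIFEST.in (assuming the sdist is built with setuptools and a MANIFEST.in) and check the built archive with `tar tzf dist/*.tar.gz | grep bandit_report` before uploading.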