flake8-bandit
content
Our great sponsors
| flake8-bandit | content | |
|---|---|---|
| 3 | 7 | |
| 111 | 2,076 | |
| - | 2.7% | |
| 0.0 | 10.0 | |
| 7 months ago | 4 days ago | |
| Python | Shell | |
| MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flake8-bandit
-
The Ruff python linter is insanely good
flake8-bandit uses bandit behind the scenes: https://github.com/tylerwince/flake8-bandit/blob/main/flake8_bandit.py ruff doesn't and implements the rules directly
-
Python toolkits
flake8-black which uses black for code formatting check.
-
Hardening and Simplifying Python's urlopen
A little disturbing, yes? Bandit agrees. Perhaps you want to consider scanning with that security tool or its related flake8 plugin.
content
- Oracle linux CIS benchmark
-
FIPS 140 and MacOS
For starters there's an entire NIST project for macOS Security Compliance - https://github.com/usnistgov/macos_security this will make your life a million times easier to meet a lot of the technical controls required for compliance. Nothing like this really exists for Windows or Linux(closest is Compliance As Code https://github.com/ComplianceAsCode/content)
- Ansible for automation/ hardening.
- I wrote a Script to bring firefox into dISA STIG compliance on RHEL 7 & 8 systems.
- hardening a RHEL8 VM using OpenSCAP and DISA STIG
-
CIS Benchmarking Git Community
I haven't used this in a while but take a look at ComplianceAsCode it is attempting to apply controls for each of the different benchmarks on different OSes. It might have what you are looking for, plus you can always contribute back any changes you make to help others.
- ComplianceAsCode/content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
What are some alternatives?
bandit - Bandit is a tool designed to find common security issues in Python code.
AMDH - Android Mobile Device Hardening
vulnerablecode - A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
hardening - Hardening Ubuntu. Systemd edition.
gosec - Go security checker
ansible-role-rhel8-stig - DISA STIG for Red Hat Enterprise Linux 8 - Ansible role generated from ComplianceAsCode Project
monkey - Infection Monkey - An open-source adversary emulation platform
ansible-role-hardening - Ansible role to apply a security baseline. Systemd edition.
wazuh-ruleset - Wazuh - Ruleset
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Check-WP-CVE-2020-35489 - The (WordPress) website test script can be exploited for Unlimited File Upload via CVE-2020-35489
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.