black VS safety

To get all your code into a consistent format the next step is to run a formatter. I recommend black, the well-known uncompromising code formatter, which is the most popular choice. Alternatives to black are autoflake, prettier and yapf, if you do not agree with blacks constraints.

$ pre-commit install pre-commit installed at .git/hooks/pre-commit $ git add .pre-commit-config.yaml $ git commit -m "Add pre-commit config" [INFO] Initializing environment for https://github.com/pre-commit/pre-commit-hooks. [INFO] Initializing environment for https://gitlab.com/pycqa/flake8. [INFO] Initializing environment for https://github.com/pycqa/isort. [INFO] Initializing environment for https://github.com/python/black. [INFO] Installing environment for https://github.com/pre-commit/pre-commit-hooks. [INFO] Once installed this environment will be reused. [INFO] This may take a few minutes... [INFO] Installing environment for https://gitlab.com/pycqa/flake8. [INFO] Once installed this environment will be reused. [INFO] This may take a few minutes... [INFO] Installing environment for https://github.com/pycqa/isort. [INFO] Once installed this environment will be reused. [INFO] This may take a few minutes... [INFO] Installing environment for https://github.com/python/black. [INFO] Once installed this environment will be reused. [INFO] This may take a few minutes... Trim Trailing Whitespace.................................................Passed Check Yaml...............................................................Passed Check for merge conflicts................................................Passed Debug Statements (Python)............................(no files to check)Skipped Check for added large files..............................................Passed Fix requirements.txt.................................(no files to check)Skipped Check django project for potential problems..........(no files to check)Skipped Check django project for missing migrations..........(no files to check)Skipped flake8...............................................(no files to check)Skipped isort................................................(no files to check)Skipped black................................................(no files to check)Skipped

Safety and Dependabot complement these security tools by focusing on external dependencies. Safety takes charge of examining your dependencies, ensuring they are up-to-date and free from any known vulnerabilities. Dependabot works similarly, scanning dependencies, verifying if they're current and assessing them for potential security flaws. This function is crucial as weaknesses in external dependencies can compromise the security of the entire codebase.

https://pyup.io/safety/ for security checks of dependencies

I'm trying this tool at the moment: https://pyup.io/safety/

Checking could be done if something like this eventually shows up in safety or pip-audit.

A 2021 security report by Snyk, states 47% of Python projects contain known vulnerabilities. On the bright hand side, almost 87% of known vulnerabilities can be resolved by upgrading the vulnerable package. Safety checks your installed dependencies for known security vulnerabilities.

safety: Safety checks your installed dependencies for known security vulnerabilities.

There is a python project called "safety". https://github.com/pyupio/safety If you run this after every package install or update and on a regular cadence it should catch the worst offenders much easier than having someone manually review every package.