#general

rhythmic-glass-66959

07/21/2022, 7:53 PM
Is there any plan to add support for safety?

bitter-ability-32190

07/21/2022, 7:57 PM
If it's not in an issue, I suspect it isn't. Looks really neat though! Wanna file an issue? Then wanna fix that issue? We're happy to help you along the way!

rhythmic-glass-66959

07/21/2022, 8:01 PM
Ok, I think I found myself some work to do 😉

bitter-ability-32190

07/21/2022, 8:04 PM
Prepare yourself, that's how it all started for many of us contributors and maintainers 😁

wide-midnight-78598

07/21/2022, 8:17 PM
If you're interested in adding safety as a plugin, here are the main docs about creating a plugin: https://www.pantsbuild.org/docs/plugins-overview And, shameless promo, here's some stuff I wrote: https://sureshjoshi.com/development/first-pants-plugin 🙂 If you get stuck anywhere, I'm more than ready to help out - as I've written a bunch of these (ahem, to varying qualities)

bitter-ability-32190

07/21/2022, 8:18 PM
"licensed for non-commercial use only."
Oh that's, uh, ... gonna be a speed bump I presume 🤔
Not for Pants, but for the usage of the tool

hundreds-father-404

07/21/2022, 9:29 PM
how come use this over Bandit? I haven't heard of it before, looks cool

rhythmic-glass-66959

07/21/2022, 9:30 PM
Bandit scans your Python code, Safety your dependencies...
@bitter-ability-32190 Hum, yeah, that's unfortunate. While Safety is MIT licensed, the default database it uses (Safety-DB) is licensed for non-commercial use only. An alternative, but less popular, is pip-audit. It is Apache 2.0 licensed and uses the "Python Packaging Advisory Database" via the "PyPI JSON API" as a source of vulnerability reports.

bitter-ability-32190

07/22/2022, 1:43 PM
Why not both? 😂

hundreds-father-404

07/22/2022, 2:52 PM
We use pip-audit at Toolchain and have had a good experience