Is there any plan to add support for safety?
# general
r
Is there any plan to add support for safety?
b
If it's not in an issue, I suspect it isn't. Looks really neat though! Wanna file an issue? Then wanna fix that issue? We're happy to help you along the way!
r
Ok, I think I found myself some work to do 😉
b
Prepare yourself, that's how it all started for many of us contributors and maintainers 😁
w
If you're interested in adding safety as a plugin, here are the main docs about creating a plugin: https://www.pantsbuild.org/docs/plugins-overview And, shameless promo, here's some stuff I wrote: https://sureshjoshi.com/development/first-pants-plugin 🙂 If you get stuck anywhere, I'm more than ready to help out - as I've written a bunch of these (ahem, to varying qualities)
b
licensed for non-commercial use only.
Oh that's, uh, ... gonna be a speed bump I presume 🤔
Not for Pants, but for the usage of the tool
h
Why use this over Bandit? I haven't heard of it before, looks cool
r
Bandit scans your Python code, Safety your dependencies...
@bitter-ability-32190 Hum, yeah, that's unfortunate. While Safety is MIT licensed, the default database it uses (Safety-DB) is licensed for non-commercial use only. An alternative, but less popular, is pip-audit. It is Apache 2.0 licensed and uses the "Python Packaging Advisory Database" via the "PyPI JSON API" as a source of vulnerability reports.
b
Why not both 😂
h
We use pip-audit at Toolchain and have had a good experience