added bandit

Author: btr1975

Makefile

@@ -11,7 +11,7 @@ info:
 	@echo "    coverage  To run coverage and display ASCII and output to htmlcov"
 	@echo "    pytest    To run pytest with verbose option"
 
-all: coverage black pylint
+all: black pylint coverage secure
 
 coverage:
 	@pytest --cov --cov-report=html -vvv
@@ -25,3 +25,6 @@ pylint:
 black:
 	@black hooks/
 	@black tests/
+
+secure:
+	@bandit -c pyproject.toml -r .

cookiecutter.json

@@ -43,7 +43,7 @@
         "https"
     ],
     "__template_repo": "https://github.com/btr1975/cookiecutter-python-library",
-    "__template_version": "1.0.15",
+    "__template_version": "1.0.16",
     "_new_lines": "\n",
     "_copy_without_render": [
         ".github"

make.bat

@@ -5,10 +5,11 @@ REM Version: 1.0.0
 REM
 
 IF "%1" == "all" (
-    pytest --cov --cov-report=html -vvv
     black hooks\
     black tests\
     pylint hooks\
+    pytest --cov --cov-report=html -vvv
+    bandit -c pyproject.toml -r .
     GOTO END
 )
 
@@ -33,6 +34,11 @@ IF "%1" == "black" (
     GOTO END
 )
 
+IF "%1" == "secure" (
+    bandit -c pyproject.toml -r .
+    GOTO END
+)
+
 @ECHO make options
 @ECHO     coverage  To run coverage and display ASCII and output to htmlcov
 @ECHO     black     To format the code with black

pyproject.toml

@@ -27,3 +27,11 @@ fail-under = 9.9
 
 [tool.black]
 line-length = 120
+
+[tool.bandit]
+exclude_dirs = [
+    "tests",
+    "venv",
+    "docs",
+    "{{cookiecutter.git_repo_name}}"
+]

requirements-dev.txt

@@ -4,3 +4,4 @@ pytest-cookies~=0.7.0
 pylint~=3.0.2
 pip-audit~=2.7.3
 black~=24.10.0
+bandit~=1.8.3

requirements.txt

@@ -1 +1 @@
-cookiecutter~=2.5.0
+cookiecutter~=2.6.0

{{cookiecutter.git_repo_name}}/Makefile

@@ -1,6 +1,6 @@
 # Makefile for project needs
 # Author: Ben Trachtenberg
-# Version: 1.0.8
+# Version: 1.0.9
 #
 
 .PHONY: all info build build-container coverage format pylint pytest start-container stop-container remove-container \
@@ -12,6 +12,7 @@ info:
 	@echo "    build               To build a distribution"
 	@echo "    build-container     To build a container image"
 	@echo "    check-vuln          To check for vulnerabilities in the dependencies"
+	@echo "    check-security      To check for vulnerabilities in the code"
 	@echo "    coverage            To run coverage and display ASCII and output to htmlcov"
 	@echo "    format              To format the code with black"
 	@echo "    pylint              To run pylint"
@@ -21,7 +22,7 @@ info:
 	@echo "    remove-container    To remove the container"
 {% if cookiecutter.library_documents_location == 'github-pages' %}	@echo "    gh-pages           To create the GitHub pages"{% endif %}
 
-all: coverage format pylint check-vuln
+all: format pylint coverage check-security check-vuln
 
 build:
 	@python -m build
@@ -80,3 +81,6 @@ remove-container:
 
 check-vuln:
 	@pip-audit -r requirements.txt
+
+check-security:
+	@bandit -c pyproject.toml -r .

{{cookiecutter.git_repo_name}}/make.bat

@@ -1,66 +1,87 @@
 @ECHO OFF
 REM Makefile for project needs
 REM Author: Ben Trachtenberg
-REM Version: 1.0.7
+REM Version: 1.0.8
 REM
 
-IF "%1" == "all" (
-    pytest --cov --cov-report=html -vvv
+SET option=%1
+
+IF "%option%" == "" (
+    GOTO BAD_OPTIONS
+)
+
+IF "%option%" == "all" (
     black {{cookiecutter.__library_name}}/
     black tests/
     pylint {{cookiecutter.__library_name}}\
+    pytest --cov --cov-report=html -vvv
+    bandit -c pyproject.toml -r .
     pip-audit -r requirements.txt
     GOTO END
 )
 
-IF "%1" == "build" (
+IF "%option%" == "build" (
     python -m build
     GOTO END
 )
 
-IF "%1" == "coverage" (
+IF "%option%" == "coverage" (
     pytest --cov --cov-report=html -vvv
     GOTO END
 )
 
-IF "%1" == "pylint" (
+IF "%option%" == "pylint" (
     pylint {{cookiecutter.__library_name}}\
     GOTO END
 )
 
-IF "%1" == "pytest" (
+IF "%option%" == "pytest" (
     pytest --cov -vvv
     GOTO END
 )
 
-IF "%1" == "format" (
+IF "%option%" == "format" (
     black {{cookiecutter.__library_name}}/
     black tests/
     GOTO END
 )
 
-IF "%1" == "check-vuln" (
+IF "%option%" == "check-vuln" (
     pip-audit -r requirements.txt
     GOTO END
 )
 
+IF "%option%" == "check-security" (
+    bandit -c pyproject.toml -r .
+    GOTO END
+)
+
 {% if cookiecutter.library_documents_location == 'github-pages' %}
-IF "%1" == "gh-pages" (
+IF "%option%" == "gh-pages" (
     rmdir /s /q docs\source\code
     sphinx-apidoc -o ./docs/source/code ./{{cookiecutter.__library_name}}
     sphinx-build ./docs ./docs/gh-pages
     GOTO END
 )
 {% endif %}
 
+:OPTIONS
 @ECHO make options
 @ECHO     all             To run coverage, format, pylint, and check-vuln
 @ECHO     build           To build a distribution
 @ECHO     coverage        To run coverage and display ASCII and output to htmlcov
 @ECHO     check-vuln      To check for vulnerabilities in the dependencies
+@ECHO     check-security  To check for vulnerabilities in the code
 @ECHO     format          To format the code with black
 @ECHO     pylint          To run pylint
 @ECHO     pytest          To run pytest with verbose option
 {% if cookiecutter.library_documents_location == 'github-pages' %}@ECHO     gh-pages  To create the GitHub pages{% endif %}
+GOTO END
+
+:BAD_OPTIONS
+@ECHO Argument is missing
+@ECHO Usage: make.bat option
+@ECHO.
+GOTO OPTIONS
 
 :END

{{cookiecutter.git_repo_name}}/pyproject.toml

@@ -102,3 +102,10 @@ fail-under = 9.9
 
 [tool.black]
 line-length = 120
+
+[tool.bandit]
+exclude_dirs = [
+    "tests",
+    "venv",
+    "docs"
+]