mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-02-13 21:12:48 +00:00
Implements Issue #5 - Python SAST workflow that combines:
- Dependency scanning (pip-audit) for CVE detection
- Security linting (Bandit) for vulnerability patterns
- Type checking (Mypy) for type safety issues

## Changes

**New Modules:**
- `DependencyScanner`: Scans Python dependencies for known CVEs using pip-audit
- `BanditAnalyzer`: Analyzes Python code for security issues using Bandit
- `MypyAnalyzer`: Checks Python code for type safety issues using Mypy

**New Workflow:**
- `python_sast`: Temporal workflow that orchestrates all three SAST tools
- Runs tools in parallel for fast feedback (3-5 min vs hours for fuzzing)
- Generates unified SARIF report with findings from all tools
- Supports configurable severity/confidence thresholds

**Updates:**
- Added SAST dependencies to Python worker (bandit, pip-audit, mypy)
- Updated module `__init__.py` files to export new analyzers
- Added `type_errors.py` test file to vulnerable_app for Mypy validation

## Testing

Workflow tested successfully on vulnerable_app:
- ✅ Bandit: Detected 9 security issues (command injection, unsafe functions)
- ✅ Mypy: Detected 5 type errors
- ✅ DependencyScanner: Ran successfully (no CVEs in test dependencies)
- ✅ SARIF export: Generated valid SARIF with 14 total findings
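The commit message describes a unified SARIF report built from Bandit, pip-audit and Mypy output, filtered by configurable severity and confidence thresholds. The script below is an added example of how that merge step can be done; it is not code from the fuzzforge_ai repository and makes no claim about how `python_sast` or the three analyzer modules are implemented. It reads Bandit's and pip-audit's JSON output, parses Mypy's default text output with a regex, applies the Bandit thresholds, and emits one SARIF 2.1.0 log with one run per tool. The embedded tool outputs are constructed samples shaped like the real tools' output: the advisory id `EXAMPLE-0001`, the package names, the file paths and the `requirements.txt` location attached to pip-audit findings are placeholders, and every function name is this example's own.

```python
"""Merge Bandit, pip-audit and mypy output into one SARIF 2.1.0 log.
Added example, not FuzzingLabs code. Tool outputs below are constructed samples in
the shape each tool emits (bandit -r <path> -f json; pip-audit -f json; mypy <path>)."""
import json
import re

_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}                       # Bandit severity/confidence order
_LEVEL = {"LOW": "note", "MEDIUM": "warning", "HIGH": "error"}   # Bandit severity -> SARIF level

# Constructed sample of `bandit -f json`: one HIGH and one LOW finding.
BANDIT_JSON = json.dumps({"results": [
    {"filename": "vulnerable_app/app.py", "line_number": 12, "test_id": "B602",
     "test_name": "subprocess_popen_with_shell_equals_true",
     "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "issue_text": "subprocess call with shell=True identified, security issue."},
    {"filename": "vulnerable_app/app.py", "line_number": 3, "test_id": "B404",
     "test_name": "blacklist", "issue_severity": "LOW", "issue_confidence": "HIGH",
     "issue_text": "Consider possible security implications associated with the subprocess module."},
]})

# Constructed sample of `pip-audit -f json`; EXAMPLE-0001 is a placeholder id, not a real advisory.
PIP_AUDIT_JSON = json.dumps({"dependencies": [
    {"name": "examplepkg", "version": "1.0.0", "vulns": [
        {"id": "EXAMPLE-0001", "fix_versions": ["1.0.1"], "description": "Placeholder advisory."}]},
    {"name": "cleanpkg", "version": "2.0.0", "vulns": []},
]})

# Constructed sample of mypy's default text output; the summary line must be skipped by the parser.
MYPY_TEXT = """vulnerable_app/type_errors.py:7: error: Incompatible return value type (got "str", expected "int")  [return-value]
vulnerable_app/type_errors.py:12: error: Argument 1 to "add" has incompatible type "str"; expected "int"  [arg-type]
Found 2 errors in 1 file (checked 1 source file)
"""
# Matches "file:line[:col]: error: message  [error-code]".
_MYPY_LINE = re.compile(r"^(?P<file>[^:]+):(?P<line>\d+)(?::\d+)?: error: (?P<msg>.*?)\s*\[(?P<code>[\w-]+)\]$")


def _result(rule_id, level, message, uri=None, line=None):
    """Build one SARIF result; the location is optional because pip-audit has no source line."""
    res = {"ruleId": rule_id, "level": level, "message": {"text": message}}
    if uri is not None:
        loc = {"artifactLocation": {"uri": uri}}
        if line is not None:
            loc["region"] = {"startLine": line}
        res["locations"] = [{"physicalLocation": loc}]
    return res


def bandit_results(raw, min_severity="LOW", min_confidence="LOW"):
    """Keep Bandit findings at or above BOTH thresholds: this is the configurable filter."""
    out = []
    for r in json.loads(raw)["results"]:
        if (_RANK[r["issue_severity"]] < _RANK[min_severity.upper()]
                or _RANK[r["issue_confidence"]] < _RANK[min_confidence.upper()]):
            continue
        out.append(_result(r["test_id"], _LEVEL[r["issue_severity"]],
                           f"{r['test_name']}: {r['issue_text']}", r["filename"], r["line_number"]))
    return out


def pip_audit_results(raw, manifest="requirements.txt"):
    """One result per (package, advisory). `manifest` is an assumed URI for the dependency file."""
    data = json.loads(raw)
    deps = data["dependencies"] if isinstance(data, dict) else data  # older pip-audit emitted a bare list
    out = []
    for dep in deps:
        for v in dep.get("vulns", []):
            fix = ", ".join(v.get("fix_versions") or []) or "no fixed version published"
            out.append(_result(v["id"], "error",
                               f"{dep['name']} {dep['version']} is affected by {v['id']} (fix: {fix})", manifest))
    return out


def mypy_results(text):
    """Parse mypy's text output; notes and the summary line do not match the regex and are skipped."""
    out = []
    for line in text.splitlines():
        m = _MYPY_LINE.match(line)
        if m:
            out.append(_result(f"mypy/{m['code']}", "warning", m["msg"], m["file"], int(m["line"])))
    return out


def build_sarif(bandit_raw, pip_audit_raw, mypy_text, min_severity="LOW", min_confidence="LOW"):
    """One SARIF log with one run per tool, which is how SARIF models output from several tools."""
    runs = [("Bandit", bandit_results(bandit_raw, min_severity, min_confidence)),
            ("pip-audit", pip_audit_results(pip_audit_raw)),
            ("Mypy", mypy_results(mypy_text))]
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": name, "rules": [
                          {"id": rid} for rid in sorted({r["ruleId"] for r in results})]}},
                      "results": results} for name, results in runs]}


def count_findings(sarif):
    return sum(len(run["results"]) for run in sarif["runs"])


if __name__ == "__main__":
    log = build_sarif(BANDIT_JSON, PIP_AUDIT_JSON, MYPY_TEXT, min_severity="MEDIUM")
    print(json.dumps(log, indent=2), "\nfindings:", count_findings(log))
```

Two design points worth noting. The thresholds are applied before the SARIF is written, so the report reflects the configured policy rather than leaving consumers to filter it; and each tool gets its own `run` with its own `rules` list, which is the SARIF-native way to carry several tools in one file and keeps Bandit test ids, advisory ids and Mypy error codes from colliding. The sample `MYPY_TEXT` deliberately keeps the trailing `Found N errors` summary line to show that the parser ignores anything that is not a `file:line: error:` record.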
24 lines
323 B
Plaintext
```text
# Temporal worker dependencies
temporalio>=1.5.0
pydantic>=2.0.0

# Storage (MinIO/S3)
boto3>=1.34.0

# Configuration
pyyaml>=6.0.0

# HTTP Client (for real-time stats reporting)
httpx>=0.27.0

# A2A Agent Communication
a2a-sdk[all]>=0.1.0

# Fuzzing
atheris>=2.3.0

# SAST Tools
bandit>=1.7.0
pip-audit>=2.6.0
mypy>=1.8.0
```