Hacker News new | past | comments | ask | show | jobs | submit login

One of the Bandit maintainers here (the tool used for this research). static analysis results cannot be used for the overall security posture of an application.

Bandit can and has often found vulnerabilities, but its not something you can run and expect accurate results every time.

It requires human review as it will get things wrong and require adjustments to skip false positives at each later run.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact