Nootski/python-secure-template

python-secure-template

Python project template with a pre-configured security pipeline.

Setting up a new project

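# Create a new private repository from the template and clone it
# (NIEUW-PROJECT is the placeholder for the new repository name)
gh repo create Nootski/NIEUW-PROJECT \
  --template Nootski/python-secure-template \
  --private --clone

# Activate the pre-commit hooks locally
pip install pre-commit
pre-commit install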

Security pipeline

Local (pre-commit)

Runs automatically on git commit:

  • gitleaks — detect secrets/API keys
  • ruff — lint + format (auto-fix)
  • bandit — Python security smells
  • standard hooks — no private keys, no merge conflicts

Run manually:

pre-commit run --all-files

GitHub Actions (on push/PR)

  • Gitleaks secrets scan
  • Ruff lint + format check
  • Pytest (if tests/ exists)
  • Bandit security scan
  • pip-audit CVE scan

Dependabot

Automatic PRs for vulnerable dependencies (pip + GitHub Actions), every Monday.

False positives

Bandit B104 (bind 0.0.0.0) is skipped — a false positive for a Gunicorn/Uvicorn production setup.

Gitleaks — add to .gitleaks.toml:

[allowlist]
  paths = [".env.example"]
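Gitleaks treats each allowlist paths entry as a regular expression searched against the file path, so the entry above exempts more than the one file. The following is an added example, not part of the template: it uses Python's re module, which behaves like Gitleaks' Go regex engine for these simple patterns, and the sample paths and the STRICT pattern are assumptions constructed for illustration.

```python
import re

# Constructed sample paths (not taken from the repository).
SAMPLE_PATHS = [
    ".env.example",
    "services/api/.env.example",
    ".env",
    "deploy/.env.example.bak",
    "notes/prod_env_example.txt",
    "src/settings.py",
]

LOOSE = ".env.example"             # entry as written in the README
STRICT = r"(^|/)\.env\.example$"   # assumed tighter alternative: escaped dots, anchored


def exempted(pattern, paths):
    """Return the paths an allowlist entry would exempt from scanning.

    The match is an unanchored regex search, so an unescaped '.' matches any
    character and the pattern may match anywhere inside the path.
    """
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def unintended(pattern, paths, intended_name=".env.example"):
    """Exempted paths whose file name is not exactly the intended one."""
    return [
        p for p in exempted(pattern, paths)
        if p.rsplit("/", 1)[-1] != intended_name
    ]


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(label, "exempts:", exempted(pattern, SAMPLE_PATHS))
        print(label, "unintended:", unintended(pattern, SAMPLE_PATHS))
```

In .gitleaks.toml the tighter entry can be written as a TOML literal string so the backslashes survive: paths = ['''(^|/)\.env\.example$'''].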

About

Python project template with pre-commit, CI, Dependabot and security scanning pre-configured
