Python Security Analysis and Remediation

Find and fix security vulnerabilities in Python code following Engineering Charter security principles.

Objectives

1. Detect security vulnerabilities using automated scanners
2. Identify SQL injection risks
3. Find hardcoded secrets and credentials
4. Detect weak cryptographic practices
5. Fix vulnerabilities following secure coding patterns
6. Prevent secrets from being committed to git

Required Tools

Add to [dependency-groups] dev: "bandit", "ruff"

• bandit: AST-based security scanner
• ruff --select S: Built-in Bandit rules (faster alternative)