Security
security
Security rules — Bandit + secret-pattern detection.
SecurityPatternRule
dataclass
Bases: ProjectRule
Detect hardcoded secrets via high-value formats + filtered keyword scan.
Source code in packages/axm-audit/src/axm_audit/core/rules/security.py
| Python | |
|---|---|
292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 | |
rule_id
property
Unique identifier for this rule.
check(project_path)
Check for hardcoded secrets in the project.
Source code in packages/axm-audit/src/axm_audit/core/rules/security.py
SecurityRule
dataclass
Bases: ProjectRule
Run Bandit and score based on vulnerability severity.
Scoring: 100 - (high_count * 15 + medium_count * 5), min 0.
Source code in packages/axm-audit/src/axm_audit/core/rules/security.py
rule_id
property
Unique identifier for this rule.
check(project_path)
Check project security with Bandit.
Source code in packages/axm-audit/src/axm_audit/core/rules/security.py
run_bandit(src_path, project_path)
Run Bandit and return parsed JSON output.
Raises:
| Type | Description |
|---|---|
RuntimeError
|
If bandit exits with rc >= 2 (error) and produces no parseable output. rc=0 means clean, rc=1 means issues found. |