Remove Bandit and Ruff PL rule (#157)

* Remove Bandit and Ruff PL rule

* Remove bandit.yml and bandit from main project.

* Remove nosec

* Remove Symlinks

development/Dockerfile.dockerignore

@@ -1,7 +1,6 @@
 **/*
 
 !/files/
-!/.bandit.yml
 !/.coveragerc
 !/.github/
 !/.yamllint.yml

docs/dev/dev_environment.md

@@ -102,7 +102,6 @@ Each command can be executed with `invoke <command>`. All commands support the a
 #### Testing
 
 ```
-  bandit           Run bandit to validate basic static code security analysis.
   ruff             Run ruff to perform code formatting and/or linting.
   pylint           Run pylint code analysis.
   tests            Run all tests for this app.
@@ -304,7 +303,6 @@ To run an individual test, you can run any or all of the following:
 
 ```bash
 ➜ invoke unittest
-➜ invoke bandit
 ➜ invoke ruff
 ➜ invoke pylint
 ```

nautobot-app-chatops/{{ cookiecutter.project_slug }}/development/mattermost/nautobot_bootstrap.py

@@ -26,9 +26,9 @@
 
 # The following tokens are for the development only and safe to store in the repo.
 _COMMAND_TOKENS = {
-    "clear": "u7p1an973bd1jqg75i3y7pxj7y",  # nosec
-    "nautobot": "ncygprhkt3rrxr4rkytcaa7c9c",  # nosec
-    "{{ cookiecutter.chatops_interactive_command }}": "fh1kbk45xtgm8r48jzr39ru1ww",  # nosec
+    "clear": "u7p1an973bd1jqg75i3y7pxj7y",
+    "nautobot": "ncygprhkt3rrxr4rkytcaa7c9c",
+    "{{ cookiecutter.chatops_interactive_command }}": "fh1kbk45xtgm8r48jzr39ru1ww",
 }
 
 for command, token in _COMMAND_TOKENS.items():

nautobot-app-chatops/{{ cookiecutter.project_slug }}/pyproject.toml

@@ -38,7 +38,6 @@ nautobot = "^{{ cookiecutter.min_nautobot_version }}"
 nautobot-chatops = "^3.0.1"
 
 [tool.poetry.group.dev.dependencies]
-bandit = "*"
 coverage = "*"
 django-debug-toolbar = "*"
 invoke = "*"

nautobot-app-ssot/{{ cookiecutter.project_slug }}/pyproject.toml

@@ -35,7 +35,6 @@ nautobot = "^{{ cookiecutter.min_nautobot_version }}"
 nautobot-ssot = "^2.0.0"
 
 [tool.poetry.group.dev.dependencies]
-bandit = "*"
 coverage = "*"
 django-debug-toolbar = "*"
 invoke = "*"

nautobot-app/{{ cookiecutter.project_slug }}/.github/workflows/ci.yml

@@ -27,17 +27,6 @@ jobs:
         uses: "networktocode/gh-action-setup-poetry-environment@v6"
       - name: "Linting: ruff format"
         run: "poetry run invoke ruff --action format"
-  bandit:
-    runs-on: "ubuntu-22.04"
-    env:
-      INVOKE_{{ cookiecutter.app_name.upper() }}_LOCAL: "True"
-    steps:
-      - name: "Check out repository code"
-        uses: "actions/checkout@v4"
-      - name: "Setup environment"
-        uses: "networktocode/gh-action-setup-poetry-environment@v6"
-      - name: "Linting: bandit"
-        run: "poetry run invoke bandit"
   ruff-lint:
     runs-on: "ubuntu-22.04"
     env:
@@ -84,7 +73,6 @@ jobs:
         run: "poetry run invoke yamllint"
   check-in-docker:
     needs:
-      - "bandit"
       - "ruff-format"
       - "ruff-lint"
       - "poetry"

nautobot-app/{{ cookiecutter.project_slug }}/docs/dev/contributing.md

@@ -4,7 +4,7 @@ The project is packaged with a light [development environment](dev_environment.m
 
 The project is following Network to Code software development guidelines and is leveraging the following:
 
-- Python linting and formatting: `pylint`, `bandit`, and `ruff`.
+- Python linting and formatting: `pylint` and `ruff`.
 - YAML linting is done with `yamllint`.
 - Django unit test to ensure the app is working properly.
 

nautobot-app/{{ cookiecutter.project_slug }}/docs/dev/dev_environment.md

@@ -123,7 +123,6 @@ Each command can be executed with `invoke <command>`. All commands support the a
 #### Testing
 
 ```
-  bandit           Run bandit to validate basic static code security analysis.
   ruff             Run ruff to perform code formatting and/or linting.
   pylint           Run pylint code analysis.
   tests            Run all tests for this app.
@@ -462,7 +461,6 @@ To run an individual test, you can run any or all of the following:
 
 ```bash
 ➜ invoke unittest
-➜ invoke bandit
 ➜ invoke ruff
 ➜ invoke pylint
 ```

nautobot-app/{{ cookiecutter.project_slug }}/pyproject.toml

@@ -35,7 +35,6 @@ python = ">=3.8,<3.13"
 nautobot = "^{{ cookiecutter.min_nautobot_version }}"
 
 [tool.poetry.group.dev.dependencies]
-bandit = "*"
 coverage = "*"
 django-debug-toolbar = "*"
 invoke = "*"
@@ -99,7 +98,6 @@ target-version = "py38"
 select = [
     "D",  # pydocstyle
     "F", "E", "W",  # flake8
-    "PL", # pylint
     "S",  # bandit
     "I",  # isort
 ]

nautobot-app/{{ cookiecutter.project_slug }}/tasks.py

@@ -739,13 +739,6 @@ def ruff(context, action=None, target=None, fix=False, output_format="concise"):
         run_command(context, command, warn=True)
 
 
-@task
-def bandit(context):
-    """Run bandit to validate basic static code security analysis."""
-    command = "bandit --recursive . --configfile .bandit.yml"
-    run_command(context, command)
-
-
 @task
 def yamllint(context):
     """Run yamllint to validate formatting adheres to NTC defined YAML standards.
@@ -825,8 +818,6 @@ def tests(context, failfast=False, keepdb=False, lint_only=False):
     # Sorted loosely from fastest to slowest
     print("Running ruff...")
     ruff(context)
-    print("Running bandit...")
-    bandit(context)
     print("Running yamllint...")
     yamllint(context)
     print("Running poetry check...")

pyproject.toml

@@ -16,7 +16,6 @@ python = "^3.8"
 pyyaml = "*"
 
 [tool.poetry.group.dev.dependencies]
-bandit = "*"
 coverage = "*"
 invoke = "*"
 isort = "*"