# Security testing and scanning tools for MCA SDK
# Install with: pip install -r requirements-security.txt

# SAST (Static Application Security Testing)
bandit>=1.7.5  # Python security scanner
bandit[toml]>=1.7.5  # TOML config support for bandit

# Secret scanning
detect-secrets>=1.4.0  # Detect hardcoded secrets in code

# Dependency vulnerability scanning
pip-audit>=2.10.0  # Check Python dependencies for CVEs
safety>=3.0.0  # Alternative dependency checker

# Container image scanning
# Note: Trivy must be installed separately (binary)
# Installation: https://aquasecurity.github.io/trivy/latest/getting-started/installation/

# Certificate handling (for mTLS testing)
cryptography>=46.0.7  # Certificate validation and creation (CVE-2026-39892)

# Optional: Multi-language scanning
# snyk  # Requires account and CLI installation

# Test dependencies for security tests
pytest>=8.0.0  # Test framework
pytest-timeout>=2.2.0  # Timeout support for slow scans
setuptools>=78.1.1 # not directly required, pinned by Snyk to avoid a vulnerability
authlib>=1.6.9 # not directly required, pinned by Snyk to avoid a vulnerability
