by ThePadawan
1375 days ago
> Me but with Flask and its cohorts like Werkzeug. I always found the amount of security advisories with Django vs that to be something alarming. At work, another team introduced automated CVE scanning to fulfill a contractual obligation to do so. When they asked me to implement this on my team's Django project, I said "well alright, as long as it doesn't constantly break the build because of some obscure false positive CVE". Within a week, the CI job was broken because of 5 "CVE"s. 4 were false positives for our project and 1 was a configuration error by the other team. Just to let you know to take "number of CVEs" with a large grain of salt.