🚀 Day 2: My Minimalist Workstation for Code Auditing

Setting up Ubuntu + VS Code + Bandit + Semgrep
After completing Day 1 of getting my workstation physically and digitally ready, Day 2 was all about fine-tuning my space for code auditing and static analysis. I’m keeping things lightweight, efficient, and practical — the minimalist way.
🖥️ The Setup: Ubuntu Workstation
I’m running Ubuntu 22.04 LTS, a solid, stable base for development and security analysis. I chose Ubuntu for its community support, rich package ecosystem, and how customizable it is for personal workflows.
I kept the installation minimal — no bloated extras, just the essentials:
GNOME for UI (might switch to a tiling WM later)
Git
Curl
Zsh + Oh My Zsh
Python 3 and pip
A secure SSH setup
🛠️ My Main Tools
1. Visual Studio Code
My preferred editor — fast, modern, and has all the extensions I need.
Key extensions installed:
Python
Remote - SSH
GitLens
Bracket Pair Colorizer 2
Semgrep VS Code extension
2. Bandit – Python Security Linter
Bandit scans Python code for common security issues.
pip install bandit
To run it:
bandit -r path/to/your/code
Super helpful for spotting insecure code patterns fast.
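An added example, not from the original post: Bandit can also write its findings as JSON (bandit -r path/to/your/code -f json), and a short script can filter them by severity and confidence and list the files Bandit could not parse. The report below is a constructed sample, and the function name triage is hypothetical.

```python
import json

# Constructed sample shaped like `bandit -r path/to/your/code -f json` output,
# trimmed to the fields used here. File names and findings are made up.
SAMPLE_REPORT = """
{
  "errors": [
    {"filename": "app/broken.py", "reason": "syntax error while parsing AST from file"}
  ],
  "results": [
    {"filename": "app/db.py", "line_number": 12, "test_id": "B608",
     "issue_severity": "MEDIUM", "issue_confidence": "LOW",
     "issue_text": "Possible SQL injection vector through string-based query construction."},
    {"filename": "app/run.py", "line_number": 40, "test_id": "B602",
     "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "issue_text": "subprocess call with shell=True identified, security issue."},
    {"filename": "app/config.py", "line_number": 7, "test_id": "B506",
     "issue_severity": "MEDIUM", "issue_confidence": "HIGH",
     "issue_text": "Use of unsafe yaml load."},
    {"filename": "app/settings.py", "line_number": 3, "test_id": "B105",
     "issue_severity": "LOW", "issue_confidence": "MEDIUM",
     "issue_text": "Possible hardcoded password: 'changeme'"}
  ]
}
"""

RANK = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}


def triage(report_text, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Return (findings at or above both thresholds, files Bandit could not scan)."""
    report = json.loads(report_text)
    def rank(r):
        return RANK[r["issue_severity"]], RANK[r["issue_confidence"]]
    floor = (RANK[min_severity], RANK[min_confidence])
    keep = [r for r in report.get("results", [])
            if rank(r)[0] >= floor[0] and rank(r)[1] >= floor[1]]
    # Most severe and most certain first, then stable by location.
    keep.sort(key=lambda r: (-rank(r)[0], -rank(r)[1], r["filename"], r["line_number"]))
    # Files listed under "errors" were not analysed: no findings there is not a pass.
    unscanned = [e["filename"] for e in report.get("errors", [])]
    return keep, unscanned


if __name__ == "__main__":
    findings, unscanned = triage(SAMPLE_REPORT)
    for f in findings:
        print(f'{f["issue_severity"]:<6} {f["test_id"]} '
              f'{f["filename"]}:{f["line_number"]}  {f["issue_text"]}')
    for name in unscanned:
        print(f"NOT SCANNED {name}")
```

With the default thresholds the low-confidence SQL finding and the low-severity password finding drop out of the list; lowering both thresholds to LOW brings them back for manual review.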
3. Semgrep – Fast, Open-Source Static Analysis
Semgrep is like grep on steroids but with the power of abstract syntax trees.
Install:
pip install semgrep
Example usage:
semgrep --config=p/ci path/to/your/code
I’m currently using Semgrep’s curated security rules to catch logic flaws and hardcoded secrets.
🧠 Why Minimalist?
I want to focus more on learning and doing, not on tweaking or maintaining a bulky setup. Every tool I install must:
Help me move faster
Increase security or clarity
Work well in terminal or IDE
✅ What’s Next?
Tomorrow, I’ll start my first hands-on code audit — scanning a small repo and documenting the vulnerabilities I find using Bandit.
