Does 'safety' check make sense?
Considering the ROS way of working, where the recommendation is to use system-packaged Python dependencies, I'm not sure the `safety` check makes a lot of sense in the CI setup. If I understood properly, it checks for vulnerabilities in installed packages, the specific versions of which we're not really able to control.

Also, in practice, this job is constantly failing because of some vulnerability in the version of pip included in the `python:3-alpine` Docker image, which isn't even necessarily representative of the default environments where our developments will run.

I'd therefore suggest removing the `safety` check (while keeping `bandit`, I guess, which seems to be about analyzing the code?).
What do you think @jon.azpiazu, @inigo.moreno?