Trouble with custom bandit config

Question

Trouble with custom bandit config

djhoese opened this issue 3 years ago · 4 comments

I have a branch with a custom bandit config named .bandit in the root of the repository. Its contents are:

[bandit]
skips: B506
exclude: satpy/tests

Which are described here. However, CodeFactor seems to not recognize/use the skips parameter as I still get failures for B506: https://www.codefactor.io/repository/github/pytroll/satpy/pull/1901. This configuration seems to work when using bandit locally.

Any ideas what I'm doing wrong? Is this a bug in bandit? In CodeFactor?

Answer 1 · 2021-11-27T09:41:07.000Z

@djhoese thanks for reporting. It was an issue on CodeFactor. The PR for your repo should no longer report skipped issues.

Answer 2 · 2021-11-28T20:47:31.000Z

Thanks @cordis-dev. The B506 does seem to be skipped now, but now the exclude directory seems to be ignored as I'm getting issues identified with using assert in my satpy/tests directory.

Answer 3 · 2021-11-29T08:30:33.000Z

The path for exclude: was not resolving as expected. Thanks again. The PR should now exclude ignored paths.

Answer 4 · 2021-11-29T13:10:33.000Z

Looks good now. Thank you!