update bandit actions config to a more current version #352
Open
MoralCode wants to merge 1 commit into
Signed-off-by: Adrian Edwards <adredwar@redhat.com>
Description
Despite multiple previous attempts (i.e. #266), Bandit is still flagging scan results in unit test files.

This seems to be caused by the outdated nature of the upstream action. While the action had a way to exclude "paths", I suspect this wasn't getting passed in correctly (or was being interpreted as a file path, not a directory). This, combined with a lack of a config item that mapped to `-c` for specifying a config file (i.e. our `pyproject.toml`), meant that bandit likely wasn't even seeing the preference we had set to ignore the `tests` directory.

This PR updates our bandit job to be based on the changes proposed in shundor/python-bandit-scan#6, which bring in this `-c` configuration value, as well as bump some other components to newer versions.

This PR fixes #239
Notes for Reviewers
As a CI job, testing will probably need to be done mainly after-merge to see if this has an impact. My plan is to (once again) clear out all the false positive results from unit test files in the GitHub code scanning tab and then wait for the next Tuesday (when this action is scheduled to rerun).
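A pre-flight check for the CI step discussed above, added here as an example that is not part of this PR, the upstream action, or Bandit itself: it parses a constructed `pyproject.toml`, confirms that `[tool.bandit]` lists the tests directory in `exclude_dirs`, and checks that the bandit command line actually passes `-c`, since Bandit only reads `[tool.bandit]` from a file given via `-c`/`--configfile`. It assumes Python 3.11+ for `tomllib` (or the `tomli` backport); the sample config and commands are constructed, not the project's real ones.

```python
"""Pre-flight check for a Bandit CI step (added example, not this PR's code).
Bandit reads [tool.bandit] from pyproject.toml only when that file is passed via
-c/--configfile, so a job that omits -c silently ignores exclude_dirs.
Assumes Python 3.11+ (tomllib) or the 'tomli' backport on older versions."""
from __future__ import annotations
import shlex
try:
    import tomllib  # standard library on Python 3.11+
except ImportError:  # assumption: 'tomli' backport installed on older Pythons
    import tomli as tomllib

# Constructed sample standing in for the project's real pyproject.toml.
SAMPLE_PYPROJECT = """
[tool.bandit]
exclude_dirs = ["tests", ".venv"]
skips = ["B101"]
"""

def bandit_config_exclusions(pyproject_text: str) -> list[str]:
    """Return [tool.bandit].exclude_dirs from the TOML text, or [] if absent."""
    data = tomllib.loads(pyproject_text)
    return list(data.get("tool", {}).get("bandit", {}).get("exclude_dirs", []))

def config_file_arg(command: str) -> str | None:
    """Return the path passed to -c/--configfile in a bandit command, else None."""
    argv = shlex.split(command)
    for i, tok in enumerate(argv):
        if tok in ("-c", "--configfile") and i + 1 < len(argv):
            return argv[i + 1]
        if tok.startswith("--configfile="):
            return tok.split("=", 1)[1]
    return None

def check_job(command: str, pyproject_text: str, test_dir: str = "tests") -> list[str]:
    """Return the problems found; an empty list means the exclusion will be honoured."""
    problems: list[str] = []
    cfg = config_file_arg(command)
    if cfg is None:
        problems.append("bandit runs without -c, so [tool.bandit] in pyproject.toml is ignored")
    elif not cfg.endswith("pyproject.toml"):
        problems.append(f"-c points at {cfg!r}, not pyproject.toml, so this [tool.bandit] is not in effect")
    if test_dir not in bandit_config_exclusions(pyproject_text):
        problems.append(f"[tool.bandit].exclude_dirs does not list {test_dir!r}")
    return problems

if __name__ == "__main__":
    for cmd in ("bandit -r .", "bandit -c pyproject.toml -r ."):
        print(cmd, "->", check_job(cmd, SAMPLE_PYPROJECT) or ["ok"])
```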