Trouble with custom bandit config

codefactor-io / codefactor

Automated static analysis for C#, C++, Java, CSS, JS, Go, Python, Ruby, TypeScript, Scala, CoffeeScript, Groovy, C, SCSS, Less, PHP, Dockerfile, Bash, YAML and Swift.

https://www.codefactor.io

62 stars 31 forks source link

Trouble with custom bandit config #43

Closed djhoese closed 2 years ago

djhoese commented 2 years ago

I have a branch with a custom bandit config named .bandit in the root of the repository. Its contents are:

[bandit]
skips: B506
exclude: satpy/tests

Which are described here. However, CodeFactor seems to not recognize/use the skips parameter as I still get failures for B506: https://www.codefactor.io/repository/github/pytroll/satpy/pull/1901. This configuration seems to work when using bandit locally.

Any ideas what I'm doing wrong? Is this a bug in bandit? In CodeFactor?

cordis-dev commented 2 years ago

@djhoese thanks for reporting. It was an issue on CodeFactor. The PR for your repo should no longer report skipped issues.

djhoese commented 2 years ago

Thanks @cordis-dev. The B506 does seem to be skipped now, but now the exclude directory seems to be ignored as I'm getting issues identified with using assert in my satpy/tests directory.

cordis-dev commented 2 years ago

The path for exclude: was not resolving as expected. Thanks again. The PR should now exclude ignored paths.

djhoese commented 2 years ago

Looks good now. Thank you!