Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
How to check the exclude path works in the .bandit file ?
See original GitHub issueMy .bandit file looks like below.
[bandit]
exclude: \static,\templates
skips: B413,B601,B501,B602,B605
Command line output.
wus-macbook-pro:~ wuwei$ bandit -lll vmonic/git_repo/devops-online/ -r
[main] INFO Found project level .bandit file: vmonic/git_repo/devops-online/.bandit
[main] INFO Using ini file for excluded paths
[main] INFO Using ini file for skipped tests
[main] INFO Using command line arg for selected targets
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
[main] INFO cli exclude tests: B413,B601,B501,B602,B605
[main] INFO running on Python 2.7.13
66 [0.. 50.. ]
Run started:2018-10-08 09:06:15.117350
Test results:
.......
Code scanned:
Total lines of code: 16347
Total lines skipped (#nosec): 3
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 83
Medium: 64
High: 2
Total issues (by confidence):
Undefined: 0
Low: 23
Medium: 7
High: 119
Files skipped (0):
My question is , the total code line scanned is the same as before and after I write the .bandit file and the command line output do not give me clearly information that my config to exclude /templates folder works or not.
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
bandit - Adding command line option to exclude paths
This commit adds a command line option '--exclude' where comma separated paths to exclude can be provided. These will be excluded in addition...
Read more >Configuration — Bandit documentation - Read the Docs
comma separated list of excluded paths (directories or files) – YAML and TOML only; skips: comma separated list of tests to skip; tests:...
Read more >Remove venv folder from bandit scan - python - Stack Overflow
poetry run bandit --exclude "./absolute/path/.venv" -r . Use the absolute path in the config file too: [tool.bandit] targets = "my_package" ...
Read more >Bandit Documentation - Read the Docs
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds.
Read more >bandit 0.17.2 - PyPI
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
better use in your bandit config file
@wen96 the new issue is https://github.com/PyCQA/bandit/issues/488