From ec56cc096721ca2a7fe56556805fa135a96ba4b0 Mon Sep 17 00:00:00 2001 From: Ata Tekeli Date: Tue, 17 Sep 2024 16:18:44 +0300 Subject: [PATCH 1/6] add github-actions documentation --- doc/source/ci-cd/github-actions.rst | 50 +++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 doc/source/ci-cd/github-actions.rst diff --git a/doc/source/ci-cd/github-actions.rst b/doc/source/ci-cd/github-actions.rst new file mode 100644 index 000000000..0865dd6d3 --- /dev/null +++ b/doc/source/ci-cd/github-actions.rst 
@@ -0,0 +1,50 @@ +----------------- +GitHub-Actions +----------------- + +Here is a minimal complete example workflow to create a Code Scanning action using Bandit by using GitHub Actions from PyCQA's `bandit-action `. + +----------------- +Example YAML code for GitHub Actions Pipeline +----------------- + +.. code-block:: yaml + + name: Bandit + + on: + workflow_dispatch: + + jobs: + analyze: + runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write + # only required for workflows in private repositories + actions: read + contents: read + steps: + - name: Perform Bandit Analysis + uses: PyCQA/bandit-action@v1 + +----------------- +Inputs +----------------- + +.. list-table:: + :widths: 30 50 10 20 + + * Name * Description * Required * Default Value + * configfile * Config file to use for selecting plugins and overriding defaults * False * "DEFAULT" + * profile * Profile to use (defaults to executing all tests) * False * "DEFAULT" + * tests * Comma-separated list of test IDs to run * False * "DEFAULT" + * skips * Comma-separated list of test IDs to skip * False * "DEFAULT" + * severity * Report only issues of a given severity level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low".   + Options include: (all, high, medium, low) * False * "DEFAULT" + * confidence * Report only issues of a given confidence level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low". 
+ Options include: {all, high, medium, low} * False * "DEFAULT" + * exclude * Comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) * False * ".svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg" + * baseline * Path of a baseline report to compare against (only JSON-formatted files are accepted) * False * "DEFAULT" + * ini * Path to a .bandit file that supplies command line arguments * False * "DEFAULT" + * targets * Source file(s) or directory(s) to be tested * False * "." \ No newline at end of file From d4400ac4fe2f4fd75d33fabb8648fe49dd615810 Mon Sep 17 00:00:00 2001 From: Ata Tekeli Date: Wed, 18 Sep 2024 15:36:40 +0300 Subject: [PATCH 2/6] made suggested changes to documentation --- doc/source/ci-cd/github-actions.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/source/ci-cd/github-actions.rst b/doc/source/ci-cd/github-actions.rst index 0865dd6d3..c44919923 100644 --- a/doc/source/ci-cd/github-actions.rst +++ b/doc/source/ci-cd/github-actions.rst @@ -1,12 +1,12 @@ ------------------ +============== GitHub-Actions ------------------ +============== Here is a minimal complete example workflow to create a Code Scanning action using Bandit by using GitHub Actions from PyCQA's `bandit-action `. ------------------ +============== Example YAML code for GitHub Actions Pipeline ------------------ +============== .. code-block:: yaml @@ -28,9 +28,9 @@ Example YAML code for GitHub Actions Pipeline - name: Perform Bandit Analysis uses: PyCQA/bandit-action@v1 ------------------ +============== Inputs ------------------ +============== .. list-table:: :widths: 30 50 10 20 From 6e688642c0cf84c582d3030380952a86c66dfb66 Mon Sep 17 00:00:00 2001 
From: Ata Tekeli Date: Sun, 22 Dec 2024 19:02:51 +0300 Subject: [PATCH 3/6] doc: make suggested change to the file --- doc/source/ci-cd/github-actions.rst | 105 ++++++++++++++++++---------- 1 file changed, 70 insertions(+), 35 deletions(-) diff --git a/doc/source/ci-cd/github-actions.rst b/doc/source/ci-cd/github-actions.rst index c44919923..b79bab09a 100644 --- a/doc/source/ci-cd/github-actions.rst +++ b/doc/source/ci-cd/github-actions.rst @@ -1,12 +1,12 @@ -============== -GitHub-Actions -============== +GitHub Actions Workflow for Bandit +================================== -Here is a minimal complete example workflow to create a Code Scanning action using Bandit by using GitHub Actions from PyCQA's `bandit-action `. +This document provides a minimal complete example workflow for setting up a Code Scanning action using Bandit through GitHub Actions. It leverages PyCQA's `bandit-action `_ for seamless integration. -============== -Example YAML code for GitHub Actions Pipeline -============== +Example YAML Code for GitHub Actions Pipeline +--------------------------------------------- + +Below is an example configuration for the GitHub Actions pipeline: .. code-block:: yaml 
@@ -17,34 +17,69 @@ Example YAML code for GitHub Actions Pipeline jobs: analyze: - runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - # only required for workflows in private repositories - actions: read - contents: read - steps: - - name: Perform Bandit Analysis - uses: PyCQA/bandit-action@v1 - -============== + runs-on: ubuntu-latest + permissions: + # Required for all workflows + security-events: write + # Only required for workflows in private repositories + actions: read + contents: read + steps: + - name: Perform Bandit Analysis + uses: PyCQA/bandit-action@v1 + Inputs -============== +====== + +Below is a list of available inputs for the `bandit-action` and their descriptions: .. list-table:: - :widths: 30 50 10 20 - - * Name * Description * Required * Default Value - * configfile * Config file to use for selecting plugins and overriding defaults * False * "DEFAULT" - * profile * Profile to use (defaults to executing all tests) * False * "DEFAULT" - * tests * Comma-separated list of test IDs to run * False * "DEFAULT" - * skips * Comma-separated list of test IDs to skip * False * "DEFAULT" - * severity * Report only issues of a given severity level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low".   - Options include: (all, high, medium, low) * False * "DEFAULT" - * confidence * Report only issues of a given confidence level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low". 
- Options include: {all, high, medium, low} * False * "DEFAULT" - * exclude * Comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) * False * ".svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg" - * baseline * Path of a baseline report to compare against (only JSON-formatted files are accepted) * False * "DEFAULT" - * ini * Path to a .bandit file that supplies command line arguments * False * "DEFAULT" - * targets * Source file(s) or directory(s) to be tested * False * "." \ No newline at end of file + :header-rows: 1 + :widths: 20 50 10 20 + + * - Name + - Description + - Required + - Default Value + * - ``configfile`` + - Config file to use for selecting plugins and overriding defaults. + - False + - ``DEFAULT`` + * - ``profile`` + - Profile to use (defaults to executing all tests). + - False + - ``DEFAULT`` + * - ``tests`` + - Comma-separated list of test IDs to run. + - False + - ``DEFAULT`` + * - ``skips`` + - Comma-separated list of test IDs to skip. + - False + - ``DEFAULT`` + * - ``severity`` + - Report only issues of a given severity level or higher. Options include ``all``, ``high``, ``medium``, ``low``. + Note: ``all`` and ``low`` may produce similar results, but undefined rules will not be listed under ``low``. + - False + - ``DEFAULT`` + * - ``confidence`` + - Report only issues of a given confidence level or higher. Options include ``all``, ``high``, ``medium``, ``low``. + Note: ``all`` and ``low`` may produce similar results, but undefined rules will not be listed under ``low``. + - False + - ``DEFAULT`` + * - ``exclude`` + - Comma-separated list of paths (glob patterns supported) to exclude from the scan. These are in addition to excluded paths provided in the config file. 
+ - False + - ``.svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg`` + * - ``baseline`` + - Path of a baseline report to compare against (only JSON-formatted files are accepted). + - False + - ``DEFAULT`` + * - ``ini`` + - Path to a ``.bandit`` file that supplies command-line arguments. + - False + - ``DEFAULT`` + * - ``targets`` + - Source file(s) or directory(s) to be tested. + - False + - ``.`` \ No newline at end of file From 7c45b3b0ab153229c1fbcff867d53741aa8315e3 Mon Sep 17 00:00:00 2001 From: Ata Tekeli Date: Fri, 21 Feb 2025 00:27:15 +0300 Subject: [PATCH 4/6] fix: added index.rst for ci-cd directory --- doc/source/ci-cd/index.rst | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 doc/source/ci-cd/index.rst diff --git a/doc/source/ci-cd/index.rst b/doc/source/ci-cd/index.rst new file mode 100644 index 000000000..2ad0f3e71 --- /dev/null +++ b/doc/source/ci-cd/index.rst @@ -0,0 +1,22 @@ +.. _ci-cd: + +Continuous Integration and Deployment (CI/CD) +================================================ + +This section provides documentation for setting up Continuous Integration and Deployment (CI/CD) pipelines for automated security scanning and quality assurance in this project. + +Supported CI/CD Platforms +-------------------------- +The following CI/CD platforms are covered: + +- **GitHub Actions**: Example workflows for security scanning and quality checks. + +Available Documentation +------------------------ + +.. toctree:: + :maxdepth: 1 + + github-actions + +More CI/CD platforms and configurations may be added over time. Contributions and improvements to these configurations are welcome. From bf4190ef40e8826777d1c690c9c768f19dcba1e0 Mon Sep 17 00:00:00 2001 From: Ata Tekeli Date: Fri, 21 Feb 2025 11:15:16 +0300 Subject: [PATCH 5/6] fix: reference ci-cd in toctree --- doc/source/index.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/source/index.rst b/doc/source/index.rst index fbf3e205e..f59035818 100644 
--- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -17,6 +17,7 @@ Using and Extending Bandit blacklists/index formatters/index faq + ci-cd/index Contributing ============ From 8df0a1e82078b6399e986d125b6e96d9ad7725a5 Mon Sep 17 00:00:00 2001 From: Ata Tekeli Date: Sun, 23 Feb 2025 11:17:54 +0300 Subject: [PATCH 6/6] fix: completed all suggested fixes --- doc/source/ci-cd/github-actions.rst | 9 +++++++-- doc/source/ci-cd/index.rst | 18 ++++++++++-------- doc/source/index.rst | 2 +- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/doc/source/ci-cd/github-actions.rst b/doc/source/ci-cd/github-actions.rst index b79bab09a..a210b38be 100644 --- a/doc/source/ci-cd/github-actions.rst +++ b/doc/source/ci-cd/github-actions.rst @@ -1,7 +1,11 @@ GitHub Actions Workflow for Bandit ================================== -This document provides a minimal complete example workflow for setting up a Code Scanning action using Bandit through GitHub Actions. It leverages PyCQA's `bandit-action `_ for seamless integration. +This document provides a minimal complete example workflow for +setting up a Code Scanning action using Bandit through GitHub +Actions. It leverages PyCQA's `bandit-action +`_ for seamless +integration. Example YAML Code for GitHub Actions Pipeline --------------------------------------------- @@ -31,7 +35,8 @@ Below is an example configuration for the GitHub Actions pipeline: Inputs ====== -Below is a list of available inputs for the `bandit-action` and their descriptions: +Below is a list of available inputs for the `bandit-action` and +their descriptions: .. list-table:: :header-rows: 1 diff --git a/doc/source/ci-cd/index.rst b/doc/source/ci-cd/index.rst index 2ad0f3e71..8b2aae83c 100644 --- a/doc/source/ci-cd/index.rst +++ b/doc/source/ci-cd/index.rst 
@@ -1,22 +1,24 @@ .. _ci-cd: Continuous Integration and Deployment (CI/CD) -================================================ - -This section provides documentation for setting up Continuous Integration and Deployment (CI/CD) pipelines for automated security scanning and quality assurance in this project. +============================================= +This section provides documentation for setting up Continuous +Integration and Deployment (CI/CD) pipelines for automated +security scanning and quality assurance in this project. Supported CI/CD Platforms --------------------------- +------------------------- + The following CI/CD platforms are covered: - **GitHub Actions**: Example workflows for security scanning and quality checks. - Available Documentation ------------------------- +----------------------- .. toctree:: :maxdepth: 1 github-actions - -More CI/CD platforms and configurations may be added over time. Contributions and improvements to these configurations are welcome. +More CI/CD platforms and configurations may be added over time. +Contributions and improvements to these configurations are +welcome. diff --git a/doc/source/index.rst b/doc/source/index.rst index f59035818..4248b6c13 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -16,8 +16,8 @@ Using and Extending Bandit plugins/index blacklists/index formatters/index - faq ci-cd/index + faq Contributing ============
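Review bot: In PATCH 1/6 (github-actions.rst, `@@ -0,0 +1,50 @@`) the `.. list-table::` body is not valid list-table syntax: a row written as `* Name * Description * Required * Default Value` on one line is a single bullet item, not a row of four cells, so docutils will reject the table. Each row must be a bullet containing a nested bullet list, one item per cell (`* - Name`, then `- Description`, `- Required`, `- Default Value` indented under it), and `:header-rows: 1` is needed for the first row to render as the header. The same hunk's intro link `` `bandit-action ` `` also lacks the trailing `_` that turns the interpreted text into a hyperlink reference, and the file ends without a trailing newline (`\ No newline at end of file`). PATCH 3/6 corrects the table and the `_`; the missing newline is never addressed.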
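Review bot: The example workflow in PATCH 1/6 only declares `on: workflow_dispatch:`, so the Bandit scan runs only when someone triggers it by hand and no code reaches Code Scanning automatically. For a scanning example a reader will copy, consider also listing `push` and `pull_request` for the default branch (and optionally a `schedule` cron) so every change is analyzed. In the same hunk, `uses: PyCQA/bandit-action@v1` pins a mutable major tag; since this step is the security scanner itself, pinning to the action's full commit SHA with the version noted in a comment keeps the scanner from changing underneath the workflow without a reviewed update.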
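Review bot: In PATCH 2/6 the section underlines become `==============` (14 characters), but the title "Example YAML code for GitHub Actions Pipeline" is 45 characters, so docutils still emits a "Title underline too short" warning for that section, as it did for the 17-character `-----------------` underline in PATCH 1/6. RST requires the underline to be at least as long as the title text; matching the title length exactly (as PATCH 3/6 later does with `---------------------------------------------`) is the usual convention.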
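Review bot: PATCH 3/6 (`@@ -17,34 +17,69 @@`) leaves the heading levels inconsistent: "Inputs" is underlined with `======`, the same adornment as the document title "GitHub Actions Workflow for Bandit", while "Example YAML Code for GitHub Actions Pipeline" uses `-----`. In RST the adornment character determines the level, so "Inputs" becomes a second top-level section rather than a sibling of the YAML section and will nest oddly in the toctree. Underline it with `------` to match. The replacement table itself reads well; the `Note:` sentences inside the `severity` and `confidence` cells are continuation lines of the same cell and render correctly as written.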
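Review bot: In PATCH 4/6 (index.rst, `@@ -0,0 +1,22 @@`) the sentence "pipelines for automated security scanning and quality assurance in this project" reads as if the pipelines scan Bandit's own repository, whereas the page documents how readers run Bandit on their own code. "in your project" (or "in a project that uses Bandit") states the intent unambiguously. The heading underlines in this hunk are longer than their titles, which docutils accepts, though PATCH 6/6 trims them to exact length anyway.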
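Review bot: In the PATCH 6/6 hunk for github-actions.rst (`@@ -31,7 +35,8 @@`), the rewrapped line "Below is a list of available inputs for the `bandit-action` and" still uses single backticks, which in RST is interpreted text under the default role rather than a literal. The table in the same file marks input names with double backticks, so write ``` ``bandit-action`` ``` here for consistency, or reuse the hyperlink form from the intro paragraph so the name links to the action.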
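Review bot: The PATCH 6/6 hunk for ci-cd/index.rst (`@@ -1,22 +1,24 @@`) removes the blank line between the title underline `=============================================` and the paragraph "This section provides documentation …", while keeping blank lines after every other underline in the file. docutils parses this, but the inconsistent spacing hurts readability of the source; restore the blank line after the title underline. The reordering of `ci-cd/index` before `faq` in the root toctree is fine and keeps the FAQ as the last entry.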