chore: Update bandit config

Author: bow

.github/workflows/ci.yml

@@ -57,7 +57,7 @@ jobs:
             rule: lint-types
           - name: Lint other metrics
             rule: lint-metrics
-          - name: Scan AST security
+          - name: Scan AST
             rule: scan-sec-ast
           - name: Scan dependencies
             rule: scan-sec-deps

justfile

@@ -97,7 +97,7 @@ scan-sec: scan-sec-ast scan-sec-deps
 
 # Perform static security analysis on the AST.
 scan-sec-ast:
-    bandit -r {{src-dir}}
+    bandit -c pyproject.toml -r {{src-dir}}
 
 # Scan dependencies for reported vulnerabilities.
 scan-sec-deps:

pyproject.toml

@@ -125,6 +125,9 @@ warn_unreachable = true
 allow_untyped_globals = false
 strict_equality = true
 
+[tool.bandit]
+skips = ["B104", "B404", "B603"]
+
 [tool.black]
 line-length = 88
 target-version = ["py312"]