Bandit #42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://github.com/marketplace/actions/bandit-scan is ISC licensed, by abirismyname | |
| # https://pypi.org/project/bandit/ is Apache v2.0 licensed, by PyCQA | |
| name: Bandit | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: '12 10 * * 0' | |
| jobs: | |
| bandit: | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Bandit Scan | |
| uses: shundor/python-bandit-scan@ab1d87dfccc5a0ffab88be3aaac6ffe35c10d6cd | |
| with: | |
| exit_zero: true | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| path: . | |
| level: UNDEFINED # Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything) | |
| confidence: UNDEFINED # Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything) | |
| excluded_paths: DEFAULT # comma-separated list of paths (glob patterns OK) (in addition to config) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg) | |
| skips: DEFAULT # comma-separated list of test IDs | |
| # ini_path: DEFAULT # path to a .bandit file that supplies command line arguments | |