Merge pull request trustyai-explainability#32 from ruivieira/bandit-assert

chore: Ignore Bandit's assert warnings in tests

Author: ruivieira

.bandit.yaml

@@ -0,0 +1,7 @@
+# Ignore B101 (assert_used) only for files under tests/ (recursive)
+assert_used:
+  skips:
+    - "./tests/*.py"
+    - "./tests/*/*.py"
+    - "./tests/*/*/*.py"
+    - "./tests/*/*/*/*.py"

.github/workflows/security.yml

@@ -92,6 +92,7 @@ jobs:
         uses: PyCQA/bandit-action@67a458d90fa11fb1463e91e7f4c8f068b5863c7f
         with:
           targets: "."
+          configfile: ".bandit.yaml"
 
       - name: Upload SARIF results to Security tab
         if: github.ref == 'refs/heads/main'