Update bandit to read output from a tmp file (#329)

David Apirian · web-flow · commit 17617ed82c54 · 2023-06-23T12:24:23.000-07:00
Occasionally bandit prints a mix of json and progress update text to
stdout, which screws up our ability to parse the json, for example:
```
Working... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:01
{
  "errors": [],
  "generated_at": "2023-06-23T12:48:22Z",
  "metrics": {
    "_totals": {
...
```

Using `--output` gets around this problem
diff --git a/linters/bandit/plugin.yaml b/linters/bandit/plugin.yaml
@@ -11,8 +11,9 @@ lint:
         - name: lint
           # Custom parser type defined in the trunk cli to handle bandit's JSON output.
           output: bandit
-          run: bandit --exit-zero --format json ${target}
+          run: bandit --exit-zero --format json --output ${tmpfile} ${target}
           success_codes: [0]
+          read_output_from: tmp_file
           batch: true
           cache_results: true
           is_security: true
