bandit's Introduction

bandit

bandit is a security linter for Python code, maintained by PyCQA.

Usage

Minimal version

...
    steps:
      - uses: actions/checkout@v2
      - name: Run bandit
        uses: tj-actions/[email protected]

Using inputs

...
    steps:
      - uses: actions/checkout@v2
      - name: Run bandit
        uses: tj-actions/[email protected]
        with:
          targets: |  # or a single string "."
            test_package
          options: "-r"

If you feel generous and want to show some extra appreciation:

Support this project with a ⭐

Buy me a coffee

Inputs

INPUT    TYPE    REQUIRED  DEFAULT  DESCRIPTION
options  string  false     "-r"     Extra options passed directly to bandit. See OPTIONS.md for the available choices.
targets  string  true      "."      Module(s)/Package(s) on which to run the bandit checks.

Credits

This package was created with Cookiecutter.

Report Bugs

Report bugs at https://github.com/tj-actions/bandit/issues.

If you are reporting a bug, please include:

  • Your operating system name and version.
  • Any details about your workflow that might be helpful in troubleshooting.
  • Detailed steps to reproduce the bug.

TODO

  • Add support for running action on Windows, Mac OS

Contributors ✨

Thanks go to these wonderful people (emoji key):

  • tlacroix 💻

This project follows the all-contributors specification. Contributions of any kind welcome!

bandit's Issues

Problem with input naming and escaping

Description

The documentation defines the "targets" variable to enter the path, but the entrypoint.sh script uses $INPUT_PATH on line 7. The documentation should either be updated to change the variable name to path, or the script changed to use the variable $INPUT_TARGETS.

Also, in the script, the $INPUT variables are enclosed in double quotes. This means that you can't specify multiple options or multiple paths, because it will end up like this (example with 2 options and 2 paths):

bandit "--recursive -lll" "path1/ path2/"

rather than like this:

bandit --recursive -lll path1/ path2/

What I Did

To have it work, I had to use the following config:

    steps:
      - name: Checkout
        uses: actions/checkout@master
      - name: Bandit
        uses: tj-actions/bandit@main
        with:
          bandit_version: "1.7.0"
          path: "."
          options: "-rlll"

... whereas, according to the documentation, this config should have worked, but it does not for the reasons mentioned in the description section:

    steps:
      - name: Checkout
        uses: actions/checkout@master
      - name: Bandit
        uses: tj-actions/bandit@main
        with:
          bandit_version: "1.7.0"
          targets: "."
          options: "--recursive -lll"

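A constructed reproduction of the quoting problem reported above (added here, not code from the action's entrypoint.sh): the buggy form passes each input as one double-quoted word, the fixed form lets the shell split it. The environment variable names INPUT_OPTIONS and INPUT_TARGETS and the fake_bandit stub are assumptions so the script runs offline.

```shell
#!/bin/sh
# Reproduces the argument-passing difference described in the issue.
# INPUT_OPTIONS / INPUT_TARGETS are assumed to be the env vars the action
# exposes for its "options" and "targets" inputs (assumption, not verified
# against entrypoint.sh).

# Stand-in for the real bandit binary: just reports how many arguments it got,
# so the effect of quoting is observable without running bandit.
fake_bandit() {
    echo "$#"
}

# Buggy form ($1 = options input, $2 = targets input): each input is one
# double-quoted word, so bandit receives exactly two arguments, e.g.
# "--recursive -lll" and "path1/ path2/", and fails to parse them.
run_quoted() {
    fake_bandit "$1" "$2"
}

# Fixed form: deliberate word splitting on whitespace. The default IFS also
# splits on newlines, so the multi-line 'targets: |' form works as well.
# set -f prevents pathname expansion of the split words (a "*" in options
# would otherwise be globbed against the working directory).
run_split() {
    set -f
    # shellcheck disable=SC2086
    fake_bandit $1 $2
    set +f
}

INPUT_OPTIONS="--recursive -lll"
INPUT_TARGETS="path1/ path2/"

run_quoted "$INPUT_OPTIONS" "$INPUT_TARGETS"   # prints 2
run_split  "$INPUT_OPTIONS" "$INPUT_TARGETS"   # prints 4
```
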
Setup a test repo

Description

I'd like a sample test repo that can be used to simulate an actual bandit report.

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Detected dependencies

dockerfile
Dockerfile
  • python 3.11.4-slim-buster
github-actions
.github/workflows/codacy-analysis.yml
  • actions/checkout v4
  • codacy/codacy-analysis-cli-action v4.4.5
  • github/codeql-action v3
.github/workflows/ghcr.yml
  • actions/checkout v4.1.7
  • tj-actions/branch-names v8
  • docker/setup-qemu-action v3.2.0
  • docker/setup-buildx-action v3.6.1
  • docker/login-action v3.3.0
  • docker/build-push-action v5.4.0
.github/workflows/rebase.yml
  • actions/checkout v4.1.7
  • cirrus-actions/rebase 1.8
.github/workflows/sync-release-version.yml
  • actions/checkout v4
  • tj-actions/release-tagger v4
  • tj-actions/sync-release-version v13
  • tj-actions/git-cliff v1
  • peter-evans/create-pull-request v6.1.0
.github/workflows/test.yml
  • actions/checkout v4
  • reviewdog/action-shellcheck v1.26
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/build-push-action v5
.github/workflows/update-readme.yml
  • actions/checkout v4
  • tj-actions/auto-doc v3
  • tj-actions/remark v3
  • tj-actions/verify-changed-files v20
  • peter-evans/create-pull-request v6
pip_requirements
requirements.txt
  • bandit ==1.7.9
