Skip to content

Commit

Permalink
Merge pull request #237 from tattle-made/hotfix
Browse files Browse the repository at this point in the history
Hotfix
  • Loading branch information
duggalsu authored Mar 22, 2024
2 parents 650a379 + a7c05bb commit 83e2efd
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 19 deletions.
16 changes: 14 additions & 2 deletions .github/workflows/bandit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,16 @@ permissions:
on:
push:
branches: [ "main" ]
pull_request:
branches:
- main
- development
- hotfix
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '55 4 * * 2'

Expand All @@ -36,9 +46,11 @@ jobs:

- name: Bandit Scan
uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c # v1.0
env:
EXIT_ZERO_VAL: ${{ (github.event_name != 'pull_request') && true || false }}
with: # optional arguments
# exit with 0, even with results found
exit_zero: true # optional, default is DEFAULT
# exit with 1 on pull request, else exit with 0 even if results found (on push to main or cron job)
exit_zero: env.EXIT_ZERO_VAL # optional, default is DEFAULT
# Github token of the repository (automatically created by Github)
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
# File or directory to run bandit on
Expand Down
34 changes: 17 additions & 17 deletions .github/workflows/pr-security.yml
Original file line number Diff line number Diff line change
Expand Up @@ -97,20 +97,20 @@ jobs:
with:
sarif_file: 'trivy-results.sarif'

- name: Bandit Scan
uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c # v1.0
with: # optional arguments
# exit with 0, even with results found
exit_zero: false # optional, default is DEFAULT
# File or directory to run bandit on
path: ./src/ # optional, default is .
# Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
# level: HIGH # optional, default is UNDEFINED
# Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
# confidence: # optional, default is UNDEFINED
# comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
# excluded_paths: # optional, default is DEFAULT
# comma-separated list of test IDs to skip
# skips: # optional, default is DEFAULT
# path to a .bandit file that supplies command line arguments
# ini_path: # optional, default is DEFAULT
# - name: Bandit Scan
# uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c # v1.0
# with: # optional arguments
# # exit with 0, even with results found
# exit_zero: false # optional, default is DEFAULT
# # File or directory to run bandit on
# path: ./src/ # optional, default is .
# # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
# # level: HIGH # optional, default is UNDEFINED
# # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
# # confidence: # optional, default is UNDEFINED
# # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
# # excluded_paths: # optional, default is DEFAULT
# # comma-separated list of test IDs to skip
# # skips: # optional, default is DEFAULT
# # path to a .bandit file that supplies command line arguments
# # ini_path: # optional, default is DEFAULT

0 comments on commit 83e2efd

Please sign in to comment.