codacy / codacy-bandit
Bandit Python Tool for Codacy
License: Other
Codacy reports a few patterns, I would say falsely, that are very commonplace in test development.
assert is the main pattern when using pytest. The result of Codacy's current defaults is that we have projects where 100% of the reported issues are in the test suite, e.g. https://app.codacy.com/manual/VSHN/concierge-cli/issues/index
I'm aware that Bandit has its own shortcomings (see PyCQA/bandit#603) and the reported issues come directly from the tool. But given the fact that you seem to run a custom approach, you as a code quality platform should probably set the standards here (read: sane, intuitive defaults).
The names of the Bandit rules on Codacy include spurious Markdown code from the permalinks in the original documentation:
If .bandit file is found, it is run with bandit -c .bandit. (see above)
This is wrong. The .bandit file is expected to be in INI format and must be run with bandit --ini .bandit.
https://bandit.readthedocs.io/en/latest/config.html#
To use this, put an INI file named .bandit in your project’s directory. [...]
BTW: the bandit.yml is a config, not an INI, and is correctly called with bandit -c bandit.yml
It would be great for Codacy to support a [bandit] section in the setup.cfg file and alternatively [tool.bandit] in the pyproject.toml file.
The detected configuration files at the moment (.bandit and bandit.yml) are most definitely less often used in repos than the setup.cfg/pyproject.toml variants, as they are employed to combine settings for many such static analysis/testing tools.
Hi,
would it be possible to also use the .bandit name for the config file, since it is the default?
Or at least write somewhere a note to be able to get the right name easily, so people do not need to go through the code:
https://github.com/codacy/codacy-bandit/blob/master/src/main/scala/codacy/bandit/Bandit.scala#L68
Thanks in advance!
Dependabot couldn't authenticate with https://pypi.python.org/simple/.
You can provide authentication details in your Dependabot dashboard by clicking into the account menu (in the top right) and selecting 'Config variables'.
This is running a patched version of 1.02. Bandit 1.4.0 is out and fixes some bugs, such as openstack-archive/bandit@e98515f
Please consider upgrading here and at https://github.com/codacy/bandit