Giter VIP home page Giter VIP logo

py3-bandit-check's Introduction

py3-bandit-action

GitHub action to run python Bandit

If triggered through a PullRequest, this action will run bandit only on changed files. On merge to your release branch, this action will run bandit on the entire code-base.

Usage

To use this github action, configure a YAML workflow file, e.g. .github/workflows/bandit.yml, with the following:

name: Bandit
on:
  pull_request:
  push:
    branches:
      - master #dev, release, etc.
  release:
    types:
      - created

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 #get fuller history
      - name: Run Bandit Report
        uses: libertyy/py3-bandit-check@v2
      - name: Save Bandit txt Report
        if: ${{ always() }}
        uses: actions/upload-artifact@v2
        with:
          path: ${{ RUNNER.temp }}/_github_home/bandit_report.out

Inputs

This action uses environment variables to override some of the defaults used to invoke bandit

Name Description Default
TARGET_DIR On full run, target this directory and its contents "./"
BANDIT_EXCLUDE Bandit exclude pattern '/tests/,*/settings/local.py'
BANDIT_REPORT Fully Qualified path for the bandit txt report "$HOME/_github_home/bandit_report.out"
BANDIT_DEBUG Run bandit with set -x empty

py3-bandit-check's People

Contributors

conuigwe avatar fangzli avatar libertyy avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.