# general
r
Another question, it seems bandit isn't using the config file I am using. This is how I have configured bandit using pants/flake8. Is there something I am missing?
[bandit]
config = ".bandit.yml"
args = ["--quiet"]
lockfile = "build-support/bandit.txt"

[flake8]
config = ".flake8"
extra_requirements.add = [
  "flake8-black==0.3.2",
  "flake8-bandit==3.0.0",
  "setuptools==62.1.0",
]
lockfile = "build-support/flake8.txt"
✅ 1
This is .bandit.yml
tests: ["B201", "B301", "S101"]
skips: ["B101", "B601", "B104"]

try_except_continue:
  check_typed_exception: false
try_except_pass:
  check_typed_exception: false
The issue seems to be that the flake8-bandit plugin is not able to read from this config file 😞
b
Pants doesn't know it needs to carry along that config file when making the sandbox, as it isn't necessarily related to flake8
I'm not sure the best way to solve this either. Mind making an issue?
šŸ‘ 1
I'll comment on the issue, but TL;DR there's 2 ways to solve this:
• Have all pluggable lint tools allow for N config files being specified
• Add support for bandit as a first class tool (my preference)
r
Please have a look at the issue. I was a bit unsure how to frame it. https://github.com/pantsbuild/pants/issues/15225
✅ 1
b
In the meantime, would you be comfortable hacking something in an in-repo Pants plugin to unblock yourself?
You could make a first-class bandit plugin. (And then upstream it 😉 )
r
I deactivated the flake8-bandit plugin but bandit itself is running as part of CI.
n
Bandit is already supported by Pants though, so not sure there's really any benefit to using flake8-bandit when using Pants :)
👍 3