Replies: 4 comments
-
| Might help to point to some other examples. I don't know if it can be done with poetry as I have never tried. But take a look at these: https://github.com/lyft/bandit-high-entropy-string | 
Beta Was this translation helpful? Give feedback.
-
| So you are saying that in order to run custom bandit rules, you must package your custom rules as a module, and install that module everytime you want to run bandit with your custom rules? Will there every be support for just referencing a new local bandit custom rule? | 
Beta Was this translation helpful? Give feedback.
-
| @JPalm1 I was able to get it to work with following pyproject.toml file [project] [project.entry-points."bandit.plugins"] Then i built my project pip3 install -r bandit_upgrade_custom_rules/requirements.txt my requirements.txt just has "-e . " in it to install my custom bandit rule package Now when i run bandit, it runs my rules automatically. You don't need to do anything else | 
Beta Was this translation helpful? Give feedback.
-
| Duplicate of #910 ? | 
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I am using bandit (1.7.8) with an existing python project. I want to write my own custom Test Plugins. I am using Poetry to manage the package dependencies of my existing project. I have a
bandit.ymlfile that specifiesin built bandit plugin configurations.What is the best way to set my custom plugin so that Bandit recognises it automatically? My folder structure is:
In this case, what is the best way to set up the project to automatically detect the plugin logic in
my_custom_plugin.py?I have tried:
pyproject.toml:setup.cfg/setup.pyfile(s) inplugins/directory to treatplugins/as a package and define the entry points, in conjunction with importingplugins/as a package in my rootpyproject.toml.Neither of these approaches seemed to work.
Any insight would be much appreciated!
example code in my_custom_plugin I have used (error when httpx is called):
Beta Was this translation helpful? Give feedback.
All reactions