More control over exit code #640
Comments
As the author of the `--exit-zero` PR I can implement this enhancement fairly easily. I've a few questions though.
Hello, thanks for the reply! To answer your questions:
Not sure if this is still an active issue. My current solution to reporting only on high severity using
In Azure Pipelines, the exit code of a command determines the success or failure of a task. If any task in the pipeline fails, the entire pipeline run shows as a failure. We would like our Bandit task (and therefore the build) to fail if high severity and high confidence warnings are found, however we want the task (and the build) to succeed if there are low or medium severity warnings.
We would like a command line option or entry in the config file to allow users to choose exactly how Bandit will exit. This will allow users to much more easily integrate Bandit into their CI pipelines without the need for extra scripts. Since by default all warnings will cause Bandit to exit 1, we would like a command line option to specify which levels to exit 0 on. For example, `--exit-zero-severity l` would cause low severity warnings to exit zero, and `--exit-zero-confidence mh` would cause medium and high confidence warnings to exit zero.

We've considered only reporting high severity warnings using `-lll`, however we still want to see the low and medium warnings in the artifact and this flag would not display them. We could also force Bandit to always return 0, but then we lose the visibility of having high severity items fail in the pipeline.