Migrate bandit options to pyproject.toml

... so that these options can be used by different tools than tox/pre-commit more easily. Change-Id: I1c308dbf98070e0d0d3aab64c00fe307922c7cfb Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-10-03 00:03:32 +09:00
parent 5d9989cbe0
commit 615e42ad30
2 changed files with 9 additions and 5 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -21,8 +21,4 @@ repos:
    rev: 1.8.6
    hooks:
      - id: bandit
-        # B105-B107: hardcoded password checks - likely to generate false
-        #            positives in a gate environment
-        # B607: start process with a partial path - this should be a project
-        #       level decision
-        args: ['-x', 'tests', '-s', 'B105,B106,B107,B607']
+        args: ['-c', 'pyproject.toml']
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -45,3 +45,11 @@ vault = "castellan.key_manager.vault_key_manager:VaultKeyManager"
 packages = [
    "castellan"
 ]
+
+[tool.bandit]
+exclude_dirs = ["tests"]
+# B105-B107: hardcoded password checks - likely to generate false
+#            positives in a gate environment
+# B607: start process with a partial path - this should be a project
+#       level decision
+skips = ['B105', 'B106', 'B107', 'B607']