From 7bd5a82aca94a14626a6b4ee1e6851b388fb0514 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Fri, 3 Oct 2025 00:04:47 +0900
Subject: [PATCH] Migrate bandit options to pyproject.toml

... so that these options can be used by different tools than
tox/pre-commit more easily.

Change-Id: Ia575e629cad18d823120116a8749906fb2140a1a
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
---
 .pre-commit-config.yaml | 2 +-
 pyproject.toml          | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bb527cad0..5b6d5f6b9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -38,7 +38,7 @@ repos:
     rev: 1.8.3
     hooks:
       - id: bandit
-        args: ['-x', 'tests', '-s', 'B101,B311,B320']
+        args: ['-c', 'pyproject.toml']
   - repo: https://github.com/astral-sh/ruff-pre-commit
     rev: v0.12.1
     hooks:
diff --git a/pyproject.toml b/pyproject.toml
index 6715a7327..89c28de27 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -30,3 +30,7 @@ ignore = [
 [tool.ruff.lint.mccabe]
 # Flag errors (`C901`) whenever the complexity level exceeds 5.
 max-complexity = 20
+
+[tool.bandit]
+exclude_dirs = ['tests']
+skips = ['B101', 'B311', 'B320']