Bandit configuration problem

I’m trying to configure the Issue reporting to ignore the asserts in my tests and have created a .bandit file in the root of my repository but it does not seem to be effective.

assert_used:
  skips: ['tests/**/*.py', '*_test.py', '**/test_*.py']

My repo is public → https://github.com/JeremyDTaylor/fractal_python

I just tell bandit to ignore the tests folder locally in my pre-commit but then I am missing out on code quality, duplication and other warnings for my tests which is useful to have.

Hello @JeremyDTaylor, and welcome to the Codacy Community!

Just a very quick check, do you already have the Bandit configuration file enabled on your repository Code patterns page?

https://docs.codacy.com/repositories-configure/code-patterns/#using-your-own-tool-configuration-files

I think so yes.

1 Like

Hi @JeremyDTaylor,

I’m Madalena from the Support team - nice to meet you!

Thank you for confirming that the Configuration file is selected. I noticed that your commits are not being analysed because they were made by an email address that is not a member of your organization on Codacy. Could you add this email address as a member so that the commits are analysed?

Once that step is done, we can confirm whether there were any issues running Bandit and dig deeper into this.

2 Likes

Hi @Madalena thanks for responding.

I am not clear which email address you want me to add. For example this recent commit was from jeremy@tab2.com which seems to be a member email to me.

Naively I would expect Codacy to use the .bandit configuration file regardless of who had committed it to the repo.

1 Like

If both email addresses (jeremy@tab2.com and jeremy.taylor@tab2.com) are associated to your account on GitHub, logging out of Codacy and logging back in with GitHub should associate both email addresses to your organization on Codacy and allow the commits made by the email address jeremy@tab2.com to be analysed.

This is an important step because Codacy can’t analyse commits if the associated email addresses don’t belong to any Codacy user. You can find more information and context on this here.

In the meantime, we noticed on your repository that there is a syntax error on the first line of your Bandit configuration file.

Once the jeremy@tab2.com email address is a member of the organization and the bandit configuration file is corrected, we expect the tool to run correctly.

Let me know if anything is unclear or you have any additional questions :slight_smile:

And thank you to @paulo.ribeiro for spotting the syntax error :raised_hands:

3 Likes