Is your feature request related to a problem? Please describe.
Currently in bandit the minimum severity for reporting and for triggering an exit code of 1 is always the same - controlled by -l, -ll and -lll. This means, for example, that I cannot run bandit in CI with all vulnerabilities going into a report, while failing the CI job on more severe issues.
Describe the solution you'd like
Being able to control the two separately. For example, -lll can still control both, but perhaps having presence of equivalent -L flags overriding what triggers an exit code of 1. So here's my example above in this format:
bandit -r code_dir -l -LLL
Describe alternatives you've considered
I could just run bandit twice: the first time reporting everything with --exit-zero; the second time just reporting high severity and allowing the exit code to influence CI.
Additional context
This is part of how I'd like our CI to work, whereby I use the excellent Microsoft open source Bandit SARIF formatter to create a SARIF report, which pushes to GitHub security issues.
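One way to get the requested behaviour today, as an added example that is not code from the bandit project or the issue author: instead of running bandit twice, run it once with --exit-zero so the report keeps every finding, and let a small gate script set the CI exit status from bandit's JSON report at a separate severity threshold. The script assumes bandit's JSON formatter output (a top-level "results" list whose entries carry "issue_severity" as "LOW", "MEDIUM" or "HIGH", plus an "errors" list for files bandit could not scan); the file names bandit.json and bandit_gate.py are hypothetical, and the embedded sample report is constructed, not real bandit output.

```python
"""Decouple bandit's report threshold from its CI exit threshold.

Added example, not code from the bandit project or the issue author.
Intended CI usage (hypothetical file names):

    bandit -r code_dir -l -f json -o bandit.json --exit-zero
    python bandit_gate.py bandit.json --fail-on HIGH

The first command reports everything (-l) but never fails the job; the
second fails it only for findings at or above the chosen severity.
"""
import argparse
import json
import sys
from typing import Iterable, List

# bandit severity labels in increasing order; anything unknown ranks lowest
SEVERITY_ORDER = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample report (not real bandit output) so the script runs stand-alone.
SAMPLE_REPORT = {
    "results": [
        {"test_id": "B101", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "filename": "app/util.py", "line_number": 12, "issue_text": "assert used"},
        {"test_id": "B608", "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "filename": "app/db.py", "line_number": 40, "issue_text": "possible SQL injection"},
    ],
    "errors": [],
}


def severity_rank(finding: dict) -> int:
    """Numeric rank of a finding's issue_severity; unknown labels rank as 0."""
    label = str(finding.get("issue_severity", "UNDEFINED")).upper()
    return SEVERITY_ORDER.get(label, 0)


def findings_at_or_above(results: Iterable[dict], threshold: str) -> List[dict]:
    """Findings whose severity reaches `threshold` (the exit threshold, not the report threshold)."""
    floor = SEVERITY_ORDER[threshold.upper()]
    return [f for f in results if severity_rank(f) >= floor]


def gate_exit_code(report: dict, threshold: str) -> int:
    """1 if any finding reaches the threshold or bandit could not scan some files, else 0.

    Failing on scan errors is this script's own choice: a file bandit skipped
    has no findings, and that should not read as a clean result in CI.
    """
    if report.get("errors"):
        return 1
    return 1 if findings_at_or_above(report.get("results", []), threshold) else 0


def load_report(path: str) -> dict:
    """Read a bandit JSON report from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="Fail CI on bandit findings at or above a severity.")
    parser.add_argument("report", nargs="?", help="bandit JSON report; omit to use the embedded sample")
    parser.add_argument("--fail-on", default="HIGH", type=str.upper, choices=["LOW", "MEDIUM", "HIGH"])
    args = parser.parse_args(argv)
    report = load_report(args.report) if args.report else SAMPLE_REPORT
    # Print only the findings that block the job; the full report already holds the rest.
    for f in findings_at_or_above(report.get("results", []), args.fail_on):
        print(f"{f.get('filename')}:{f.get('line_number')} [{f.get('issue_severity')}] "
              f"{f.get('test_id')} {f.get('issue_text')}")
    for err in report.get("errors", []):
        print(f"scan error: {err}")
    return gate_exit_code(report, args.fail_on)


if __name__ == "__main__":
    sys.exit(main())
```

With the sample report, `python bandit_gate.py` exits 0 (no HIGH finding), while `python bandit_gate.py --fail-on MEDIUM` prints the B608 finding and exits 1; the SARIF report for GitHub can still be produced from the same --exit-zero run, or from a second formatter invocation, without affecting the gate.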