Use .gitignore as part of the excluded file list #1090

Open
wants to merge 1 commit into
base: main

Commits on Jan 20, 2024

  1. Use .gitignore as part of the excluded file list

    When using Bandit to scan projects based on Git source control,
    it would be beneficial to ignore files based on the patterns
    in the .gitignore file.
    
    Today, Bandit has some default excludes that get overridden if
    a user passes in other excludes. This is a bit confusing to the
    end user. But it also serves a purpose similar to .gitignore in
    that the paths excluded by default are typically included in a
    .gitignore.
    
    Note, it will only check for .gitignore files in top-level directories
    specified on the Bandit command line as targets. It does not recursively
    look for .gitignore files. This is done because recursive searching
    for .gitignore files would be complex to add to Bandit's existing
    file discovery.
    
    This change adds a new Apache 2 licensed dependency of ignorelib.
    
    Fixes PyCQA#826
    
    Signed-off-by: Eric Brown <[email protected]>
    ericwb committed Jan 20, 2024
    442a692
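
The top-level-only behaviour described in the commit message, as an added example (not Bandit's code and not code from this pull request). It does not use ignorelib: `read_patterns`, `is_ignored` and `discover` are hypothetical names, and the matcher is a simplified subset of .gitignore semantics (no negation, no anchored paths). It returns the skipped files alongside the scanned ones so a reviewer can see which code the scan never looked at.

```python
import fnmatch
import tempfile
from pathlib import Path


def read_patterns(target):
    """Patterns from the .gitignore directly inside `target` (no recursion)."""
    path = Path(target, ".gitignore")
    if not path.is_file():
        return []
    lines = [ln.strip() for ln in path.read_text(encoding="utf-8").splitlines()]
    # Blank lines, comments and negations are skipped (negation not modelled).
    return [ln for ln in lines if ln and not ln.startswith(("#", "!"))]


def is_ignored(parts, patterns):
    """Simplified match on path components; 'name/' matches directories only."""
    for pat in patterns:
        candidates = parts[:-1] if pat.endswith("/") else parts
        if any(fnmatch.fnmatch(p, pat.rstrip("/")) for p in candidates):
            return True
    return False


def discover(target):
    """Return (scanned, skipped) lists of .py files relative to `target`."""
    patterns = read_patterns(target)
    scanned, skipped = [], []
    for path in Path(target).rglob("*.py"):
        rel = path.relative_to(target)
        bucket = skipped if is_ignored(rel.parts, patterns) else scanned
        bucket.append(rel.as_posix())
    return sorted(scanned), sorted(skipped)


def demo():
    layout = {  # constructed tree with a top-level and a nested .gitignore
        ".gitignore": "build/\n*_local.py\n",
        "app.py": "",
        "settings_local.py": "",
        "build/gen.py": "",
        "pkg/.gitignore": "secret.py\n",  # nested file: never consulted
        "pkg/secret.py": "",
    }
    with tempfile.TemporaryDirectory() as top:
        for rel, body in layout.items():
            path = Path(top, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return discover(top)
```

In the constructed tree, `pkg/secret.py` is still scanned because only the target's own .gitignore is read, while `settings_local.py` and `build/gen.py` are skipped.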