Add bandit to pre-commit

collective · Nov 8, 2023 · ac751be · ac751be
1 parent 4f4714e
commit ac751be
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/.meta.toml b/.meta.toml
@@ -21,6 +21,10 @@ towncrier_issue_format = "[#{issue}](https://github.com/collective/pas.plugins.o
 extra_lines = """
 [tool.coverage.run]
 omit = ["*/locales/*"]
+
+[tool.bandit]
+targets = "src/pas/plugins/oidc"
+exclude_dirs = ["src/pas/plugins/oidc/locales"]
 """
 
 [gitignore]
@@ -42,3 +46,13 @@ jobs = [
     "dependencies",
     "release_ready",
     ]
+
+[pre_commit]
+extra_lines = """
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.5'
+  hooks:
+  - id: bandit
+    args: ["-c", "pyproject.toml"]
+    additional_dependencies: ["bandit[toml]"]
+"""
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -84,6 +84,12 @@ repos:
 #  """
 ##
 
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.5'
+  hooks:
+  - id: bandit
+    args: ["-c", "pyproject.toml"]
+    additional_dependencies: ["bandit[toml]"]
 
 ##
 # Add extra configuration options in .meta.toml:

diff --git a/pyproject.toml b/pyproject.toml
@@ -160,6 +160,10 @@ ignore = [
 [tool.coverage.run]
 omit = ["*/locales/*"]
 
+[tool.bandit]
+targets = "src/pas/plugins/oidc"
+exclude_dirs = ["src/pas/plugins/oidc/locales"]
+
 ##
 # Add extra configuration options in .meta.toml:
 #  [pyproject]