Improved Usage Example (#6) Fixed deprecation issue, and added commun…

…ity features > [!NOTE] > > Due to the backup, upstream with [actions/starter-workflows#2497](actions/starter-workflows#2497) not yet resolved, this PR will include at-least two minor version bumps: > > * [v2.2](637c5c4) @ [637c5c4](637c5c4) > * [v2.3](f8cf05e) @ [f8cf05e](f8cf05e) ---
reactive-firewall · Dec 7, 2024 · ba51d0c · ba51d0c
2 parents ff1a646 + c56ff8d
commit ba51d0c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -11,15 +11,15 @@ Bandit is a tool designed to find common security issues in Python code. This ac
 To run a bandit scan include a step like this:
 
 ```yaml
-    uses: reactive-firewall/python-bandit-scan@v2.1
+    uses: reactive-firewall/python-bandit-scan@v2.3
         with: # optional arguments
         # Github token of the repository (automatically created by Github)
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
         path: "."
-        level: high
+        level: low
         confidence: high
         # exit with 0, even with results found
-        exit_zero: true # optional, default is DEFAULT
+        # exit_zero: true # optional, default is DEFAULT
 ```
 
 ## Inputs
@@ -71,5 +71,5 @@ The action will create an artifact containing the sarif output.
 
 - :bow: This action is based on [bandit-action](https://github.com/mdegis/bandit-action) by [Melih Değiş](https://github.com/mdegis/).
 - :bow: This action is _also_ based on [python-bandit-scan](https://github.com/shundor/python-bandit-scan) by [shundor](https://github.com/shundor).
-- :bow: This fork includes fixes proposed by [Kenta Nakase](https://github.com/parroty) and [Thiago Grisolfi](https://github.com/Grisolfi) ... 🎉 but automated by @dependabot
+- :bow: This fork includes fixes proposed by [Kenta Nakase](https://github.com/parroty) and [Thiago Grisolfi](https://github.com/Grisolfi) and ["MrFired"](https://github.com/MrFired) ... 🎉 but automated by [@dependabot[bot]](https://github.com/apps/dependabot)
 
diff --git a/action.yml b/action.yml
@@ -32,6 +32,10 @@ inputs:
     description: 'path to a .bandit file that supplies command line arguments'
     required: false
     default: 'DEFAULT'
+  config_path:
+    description: 'path to a YAML or TOML file that supplies command line arguments'
+    required: false
+    default: 'DEFAULT'
   GITHUB_TOKEN:
     description: 'Github token of the repository (automatically created by Github)'
     required: true
@@ -102,21 +106,29 @@ runs:
         else
             INI_PATH="--ini $INPUT_INI_PATH"
         fi
-        bandit -f sarif -o results.sarif -r $INPUT_PATH $LEVEL $CONFIDENCE $EXCLUDED_PATHS $EXIT_ZERO $SKIPS $INI_PATH
+
+        if [ "$INPUT_CONFIG_PATH" == "DEFAULT" ]; then
+            CONFIG_PATH=""
+        else
+            CONFIG_PATH="-c $INPUT_CONFIG_PATH"
+        fi
+        bandit -f sarif -o results.sarif -r $INPUT_PATH $LEVEL $CONFIDENCE $EXCLUDED_PATHS $EXIT_ZERO $SKIPS $INI_PATH $CONFIG_PATH
       env:
         INPUT_PATH: ${{ inputs.path }}
         INPUT_LEVEL: ${{ inputs.level }}
         INPUT_CONFIDENCE: ${{ inputs.confidence }}
         INPUT_EXCLUDED_PATHS: ${{ inputs.excluded_paths }}
         INPUT_EXIT_ZERO: ${{ inputs.exit_zero }}
         INPUT_SKIPS: ${{ inputs.skips }}
-        INPUT_INI_PATH: ${{ inputs.ini_path }}        
+        INPUT_INI_PATH: ${{ inputs.ini_path }}
+        INPUT_CONFIG_PATH: ${{ inputs.config_path }}
 
     - name: Upload artifact
       uses: actions/upload-artifact@v4
       with:
         name: results.sarif
         path: results.sarif
+        overwrite: true
 
     - name: Upload SARIF file
       uses: github/codeql-action/upload-sarif@v3