841 add bandit to pipeline (!44) · Merge requests · Iron Bank / ironbank-modules · GitLab

UNCLASSIFIED - NO CUI

Jeffrey Wuebbles requested to merge 841-add-bandit-to-pipeline into main Dec 21, 2023

Description

Issue: https://repo1.dso.mil/ironbank-tools/ironbank-pipeline/-/issues/841

Bandit has been added to the irobank-modules pipeline.
It exits with 1 if there are any findings.
- This causes the job to fail, so the bandit job is set to allow to fail for now while we work on mitigating the findings.
There are currently 0 high findings.
The bandit job also generates a report artifact.
The following jobs have been pulled into one stage called "code-check": bandit, format, lint, trufflehog, unit-testing.

Risk

N/A

Testing

To run the bandit job locally run the command make run_bandit.

Edited Jan 02, 2024 by Jeffrey Wuebbles

UNCLASSIFIED - NO CUI