# bandit performs static security analysis of python packages
# https://bandit.readthedocs.io/en/latest/
# Add a file called `.bandit` with a custom config to the root of your project
# if you'd like a custom bandit config

python:bandit:
  stage: test
  image: registry.gitlab.com/notno/python-tests
  variables:
    CHECK_PATH: "./${PYTHON_PACKAGE}"
    SKIP_PATHS: "*/tests/*"  # Use a comma separated list to add more, such as "tests/*,src/tests.py"
  script:
    - pip show bandit
    - if [ ! -z "${SKIP_PATHS}" ]; then
        SKIP_ARG="-x ${SKIP_PATHS}";
      fi
    - bandit -r ${SKIP_ARG} ${CHECK_PATH}
  needs: []