Skip to content

Commit bb9f8d5

Browse files
ericwbericwb
authored
Update README with usage instructions (#11)
This change adds usage for users that outlines the workflow example and all the available inputs.
1 parent 8a1b306 commit bb9f8d5

File tree

1 file changed

+42
-2
lines changed

1 file changed

+42
-2
lines changed

README.md

Lines changed: 42 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,42 @@
1-
# bandit-action
2-
GitHub Action for Bandit
1+
# Bandit by PyCQA
2+
3+
The official [Bandit](https://github.com/PyCQA/bandit) Action developed by the [PyCQA](https://github.com/PyCQA).
4+
5+
## Usage
6+
7+
Here is a minimal complete example workflow to create a Code Scanning action using Bandit.
8+
9+
```yaml
10+
name: Bandit
11+
12+
on:
13+
workflow_dispatch:
14+
15+
jobs:
16+
analyze:
17+
runs-on: ubuntu-latest
18+
permissions:
19+
# required for all workflows
20+
security-events: write
21+
# only required for workflows in private repositories
22+
actions: read
23+
contents: read
24+
steps:
25+
- name: Perform Bandit Analysis
26+
uses: PyCQA/bandit-action@v1
27+
```
28+
29+
## Inputs
30+
31+
| Name | Description | Required | Default Value |
32+
|--|--|--|--|
33+
| configfile | Config file to use for selecting plugins and overriding defaults | False | `"DEFAULT"` |
34+
| profile | Profile to use (defaults to executing all tests) | False | `"DEFAULT"` |
35+
| tests | Comma-separated list of test IDs to run | False | `"DEFAULT"` |
36+
| skips | Comma-separated list of test IDs to skip | False | `"DEFAULT"` |
37+
| severity |Report only issues of a given severity level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low". Options include: {all, high, medium, low} | False | `"DEFAULT"` |
38+
| confidence | Report only issues of a given confidence level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low". Options include: {all, high, medium, low} | False | `"DEFAULT"` |
39+
| exclude | Comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) | False | `".svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg"` |
40+
| baseline | Path of a baseline report to compare against (only JSON-formatted files are accepted) | False | `"DEFAULT"` |
41+
| ini | Path to a .bandit file that supplies command line arguments | False | `"DEFAULT"` |
42+
| targets | Source file(s) or directory(s) to be tested | False | `"."` |

0 commit comments

Comments
 (0)