[TESTING] Update bandit.yml (- WIP #164 -)

- Unleash bandit scan as per #164

Author: reactive-firewall

.github/workflows/bandit.yml

@@ -24,6 +24,7 @@ jobs:
   bandit:
     permissions:
       contents: read # for actions/checkout to fetch code
+      statuses: write
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     runs-on: ubuntu-latest
     steps:
@@ -32,15 +33,15 @@ jobs:
         uses: reactive-firewall/[email protected]
         with: # optional arguments
           # exit with 0, even with results found
-          exit_zero: true # optional, default is DEFAULT
+          exit_zero: false # optional, default is DEFAULT
           # Github token of the repository (automatically created by Github)
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
           # File or directory to run bandit on
           path: "." # optional, default is .
           # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
-          level: medium # optional, default is UNDEFINED
+          # level: MEDIUM # optional, default is UNDEFINED
           # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
-          confidence: high # optional, default is UNDEFINED
+          confidence: LOW # optional, default is UNDEFINED
           # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
           # excluded_paths: # optional, default is DEFAULT
           # comma-separated list of test IDs to skip