Merge pull request #2 from AmberJBlue/update-security-scans

Update security scans

Author: AmberJBlue

.github/workflows/security.yaml

@@ -86,15 +86,11 @@ jobs:
           source .venv/bin/activate
           pip install -e ".[dev]"
 
-      - name: Install Bandit
-        run: |
-          source .venv/bin/activate
-          pip install bandit[toml]
-
       - name: Run Bandit Security Scan
         uses: PyCQA/bandit-action@v1
         with:
           targets: "."
+          configFile: "pyproject.toml"
 
       - name: Upload SARIF results to Security tab
         if: github.ref == 'refs/heads/main'

pyproject.toml

@@ -48,6 +48,7 @@ dev = [
     "twine==3.4.2",
     "wheel~=0.38.4",
     "xgboost~=3.0.2",
+    "bandit[toml]~=1.7.7"
 ]
 extras = ["aix360[default,tsice,tslime,tssaliency]==0.3.0"]
 
@@ -86,3 +87,6 @@ markers = [
 where = ["src"]
 
 [tool.setuptools_scm]
+
+[tool.bandit]
+exclude = ["tests"]