Tags: python, python-poetry, linter, bandit-python

Remove venv folder from bandit scan


When I run

poetry run bandit -r .

inside my project's root folder, it considers the .venv path.

My folder structure is:

root
├── ...
├── my_package            
├── .venv                 
└── ...

How could I avoid this?

I've tried the -x parameter, but no effect was seen:

poetry run bandit -r . -x .venv

And I've also tried to insert the exclude parameter in pyproject.toml from poetry, also without any effect.

...
[tool.bandit]
targets = "my_package"
exclude = ".venv" # This line has no effect too
skips = "B101"
...

Even with all those attempts, bandit still scans the .venv folder.


Solution

  • I think this is an issue with bandit that I found here. I think you should use the absolute path to .venv as follows:

    poetry run bandit --exclude "./absolute/path/.venv"  -r .
    

    Use the absolute path in the config file too:

    [tool.bandit]
    targets = "my_package"
    exclude = "./absolute/path/.venv" #
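
Because an exclude setting can silently have no effect, as in the question above, it helps to check in CI which files bandit actually analysed. The following is an added example, not code from the question, the answer or the bandit project: it reads a report written with bandit's `-f json` output and flags any scanned file that has an excluded directory as a path component. The sample report is constructed, and the function names are hypothetical.

```python
import json
import sys
from pathlib import PurePosixPath

# Constructed sample of a `bandit -f json` report, reduced to the fields used here.
SAMPLE_REPORT = json.loads("""
{
  "metrics": {
    "_totals": {"loc": 120, "nosec": 0},
    "./my_package/__init__.py": {"loc": 2, "nosec": 0},
    "./my_package/core.py": {"loc": 40, "nosec": 0},
    "./.venv/lib/python3.11/site-packages/pkg/util.py": {"loc": 78, "nosec": 0}
  },
  "results": [
    {"filename": "./.venv/lib/python3.11/site-packages/pkg/util.py",
     "test_id": "B101", "line_number": 12},
    {"filename": "./my_package/core.py", "test_id": "B404", "line_number": 1}
  ]
}
""")


def in_excluded(path, excluded_dirs):
    """True if any component of path is one of the excluded directory names."""
    parts = PurePosixPath(path.replace("\\", "/")).parts
    return bool(set(excluded_dirs) & set(parts))


def scanned_files(report):
    """Every file bandit analysed: the keys of "metrics" except "_totals"."""
    return sorted(k for k in report.get("metrics", {}) if k != "_totals")


def leaked(report, excluded_dirs):
    """Scanned files that live under a directory that should have been excluded."""
    return [f for f in scanned_files(report) if in_excluded(f, excluded_dirs)]


def findings_outside(report, excluded_dirs):
    """Findings in project code only, without those from excluded directories."""
    return [r for r in report.get("results", [])
            if not in_excluded(r["filename"], excluded_dirs)]


if __name__ == "__main__":
    # With an argument, read a real report; otherwise use the constructed sample.
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    hits = leaked(report, [".venv"])
    for path in hits:
        print("excluded directory was scanned:", path)
    sys.exit(1 if hits else 0)
```

Run it on a report produced by adding `-f json -o report.json` to the bandit command; a non-zero exit status means the exclusion did not take effect.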