feature_request(verbose): “--verbose” command-line argument without the “Files excluded” section #1249

Open
@Kristinita

1. Summary

It would be nice if bandit had a command-line argument with behavior like the current --verbose argument, but without the Files excluded section.

2. Justification of the need for the feature

The output of the bandit command with the --verbose command-line argument is useful for me. The exception is the Files excluded section. If I run bandit with the --recursive and --verbose arguments on my real project, bandit prints all tens of thousands of filenames in my project to the console. The Files excluded section spams the console output and makes it difficult to read the useful information provided by the --verbose argument. It would be nice to have --verbose without the Files excluded noise.

3. MCVE

3.1. Command

bandit . --configfile bandit.yaml --recursive --verbose

I run this command on my real project.

3.2. bandit.yaml

Part of my bandit.yaml:

exclude_dirs:
- .venv
- node_modules

3.3. Behavior

3.3.1. Desired
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: B603,B404
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	using config: bandit.yaml
[main]	INFO	running on Python 3.13.2
Run started:2025-03-23 13:18:34.867087
Files in scope (11):
	.\installation_scripts\gh_release_install.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\jinja_filters\__init__.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\jinja_filters\jinja_filter_all.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\jinja_filters\jinja_filter_any.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\pelican_settings_loader.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\pelicanconf.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\autotitle\__init__.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\autotitle\autotitle.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\putkiry\__init__.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\putkiry\putkiry.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\publishconf.py (score: {SEVERITY: 0, CONFIDENCE: 0})

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 295
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

The output contains useful information for me.

It would be nice if the default behavior of the --verbose command-line argument were as in my example.

3.3.2. Current
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: B603,B404
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	using config: bandit.yaml
[main]	INFO	running on Python 3.13.2
Run started:2025-03-23 13:18:34.867087
Files in scope (11):
	.\installation_scripts\gh_release_install.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\jinja_filters\__init__.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\jinja_filters\jinja_filter_all.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\jinja_filters\jinja_filter_any.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\pelican_settings_loader.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\pelicanconf.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\autotitle\__init__.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\autotitle\autotitle.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\putkiry\__init__.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\personal-plugins\putkiry\putkiry.py (score: {SEVERITY: 0, CONFIDENCE: 0})
	.\publishconf.py (score: {SEVERITY: 0, CONFIDENCE: 0})
Files excluded (78002):

	# Bandit prints names of all 78002 excluded files

	# Files from the “.git” directory
	.\.git\COMMIT_EDITMSG
	.\.git\FETCH_HEAD
	.\.git\HEAD
	.\.git\ORIG_HEAD
	.\.git\config
	.\.git\credential.log
	.\.git\description

	#
	# Files from the “.venv” directory
	.\.venv\.gitignore
	.\.venv\.project
	.\.venv\CACHEDIR.TAG
	.\.venv\Lib\site-packages\3204bda914b7f2c6f497__mypyc.cp313-win_amd64.pyd
	.\.venv\Lib\site-packages\3c22db458360489351e4__mypyc.cp313-win_amd64.pyd
	.\.venv\Lib\site-packages\EditorConfig-0.17.0.dist-info\COPYING
	.\.venv\Lib\site-packages\EditorConfig-0.17.0.dist-info\INSTALLER

	#
	# Files from the “node_modules” directory
	.\node_modules\.bin\JSONStream
	.\node_modules\.bin\JSONStream.cmd
	.\node_modules\.bin\JSONStream.ps1
	.\node_modules\.bin\acorn
	.\node_modules\.bin\acorn.cmd
	.\node_modules\.bin\acorn.ps1
	.\node_modules\.bin\asset-resolver

	#

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 295
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Printing the names of all 78002 excluded files is noise for me.

If a user wants the Files excluded section, a new command-line argument -vvv with the current --verbose behavior could be introduced.

Thanks.
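Until bandit grows such a flag, the listing can be cut out of the report after the fact. The following is an added example, not code from the issue author or from the bandit project. It assumes only what the output quoted above shows: the text formatter emits a header line "Files excluded (N):", then one tab-indented file name per line, and the next section ("Test results:") starts at the first following non-empty, non-indented line. The wrapper function assumes a `bandit` executable on PATH; the sample report embedded at the bottom is constructed for the demonstration, not real scan output.

```python
"""Filter the "Files excluded" listing out of bandit --verbose text output.

Added example, not bandit's own code. The section layout is assumed from
the output quoted in this issue: a header "Files excluded (N):" followed
by one tab-indented file name per line, with the next section starting
at the first following non-empty, non-indented line ("Test results:").
"""
import re
import subprocess
import sys

EXCLUDED_HEADER = re.compile(r"^Files excluded \((\d+)\):\s*$")


def strip_excluded_listing(text: str, keep_count: bool = True) -> str:
    """Return the report with the excluded-file names removed.

    With keep_count=True the header is replaced by a one-line summary so
    the reader still sees how many files were excluded.
    """
    out = []
    in_listing = False
    for line in text.splitlines():
        if in_listing:
            if line and not line[0].isspace():
                # First non-indented line: the listing is over.
                in_listing = False
                if out and out[-1] != "":
                    out.append("")  # restore the blank line before the next section
            else:
                continue  # drop indented file names and any blank lines
        match = EXCLUDED_HEADER.match(line)
        if match:
            in_listing = True
            if keep_count:
                out.append(f"Files excluded ({match.group(1)}): [names omitted]")
            continue
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


def run_bandit_verbose(bandit_args):
    """Run `bandit --verbose <args>` and return (exit status, filtered stdout).

    Assumes a `bandit` executable on PATH. The exit status is passed
    through unchanged so a CI job still fails when bandit reports findings.
    """
    proc = subprocess.run(
        ["bandit", "--verbose", *bandit_args],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode, strip_excluded_listing(proc.stdout)


# Constructed sample in the format quoted in the issue (not real scan output).
SAMPLE_OUTPUT = """\
[main]\tINFO\tusing config: bandit.yaml
Run started:2025-03-23 13:18:34.867087
Files in scope (2):
\t.\\pelicanconf.py (score: {SEVERITY: 0, CONFIDENCE: 0})
\t.\\publishconf.py (score: {SEVERITY: 0, CONFIDENCE: 0})
Files excluded (3):
\t.\\.git\\HEAD
\t.\\.venv\\CACHEDIR.TAG
\t.\\node_modules\\.bin\\acorn

Test results:
\tNo issues identified.
"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python filter_bandit.py . --configfile bandit.yaml --recursive
        status, report = run_bandit_verbose(sys.argv[1:])
        sys.stdout.write(report)
        sys.exit(status)
    sys.stdout.write(strip_excluded_listing(SAMPLE_OUTPUT))
```

Run it with the same arguments you would give bandit (minus --verbose, which the wrapper adds), for example `python filter_bandit.py . --configfile bandit.yaml --recursive`. Only the text formatter is handled; with `--format json` the excluded files are not printed as a section in the first place, so the filter is unnecessary there. The count is kept on purpose: a sudden change in the number of excluded files is a cheap signal that an exclude pattern is wider than intended and is hiding code from the scan.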
