Hi, we are using Bandit as an external rule scanner for our Python projects, but the issues that it detects cannot be acted upon because there is no drop-down menu on the “Open” button.
All regular security hotspot issues we can “detect” or “clear” normally. Only Bandit-detected vulnerabilities we are unable to act on.
We set up Bandit according to this how-to: https://docs.sonarqube.org/display/PLUG/Import+Bandit+Issues+Reports
If it helps, we are also using pylint rules and those are working just fine.
Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
- what are you trying to achieve
  Detect or clear issues detected by Bandit
- what have you tried so far to achieve this
  We configured the external scanner and are managing all other issues normally
Our configuration looks like this:

```
bandit --format json --output bandit-report.json --exclude some-dirs --recursive some-folder/;
```
Any help would be very appreciated!
This is an example of how it looks in the SonarQube interface; please note that the dropdown option is missing.