Remove venv folder from bandit scan

1.8k Views Asked by Henrique Branco At 08 November 2025 at 16:33

When I run

poetry run bandit -r .

inside my root project's folder root, it consider the .venv path.

My folder structure is:

root
├── ...
├── my_package            
├── .venv                 
└── ...

How could I avoid this?

I've tried the -x parameter, but no effect was seen:

poetry run bandit -r . -x .venv

And I've also tried to insert the exclude parameter in pyproject.toml from poetry, also without any effect.

...
[tool.bandit]
targets = "my_package"
exclude = ".venv" # This line has no effect too
skips = "B101"
...

Even with all those attemps, the bandit still scan .venv folder.

Original Q&A

There are 2 best solutions below

lmiguelvargasf On 13 July 2021 at 21:10 BEST ANSWER

I think this is an issue of bandit that I found here. I think you should use the absolute path to .venv as follows:

poetry run bandit --exclude "./absolute/path/.venv"  -r .

Use the absolute path in the config file too:

[tool.bandit]
targets = "my_package"
exclude = "./absolute/path/.venv" #

Abdullah On 06 March 2024 at 13:06

if you have defined the .pre-commit-config.yaml here is working sample to ignore multiple dirs:

-   repo: local
    hooks:
    -   id: bandit
        name: python-bandit-vulnerability-check
        entry: bandit
        args: [ '-r', '.', '-x', 'env, venv' ]
        language: system
        pass_filenames: false

Remove venv folder from bandit scan

There are 2 best solutions below

Related Questions in PYTHON

Related Questions in PYTHON-POETRY

Related Questions in LINTER

Related Questions in BANDIT-PYTHON

Trending Questions

Popular # Hahtags

Popular Questions