oxsecurity · nvuillam · Aug 23, 2021 · Aug 23, 2021 · Aug 23, 2021 · Aug 23, 2021
diff --git a/.automation/build.py b/.automation/build.py
@@ -264,7 +264,7 @@ def generate_flavor(flavor, flavor_info):
     pip_install_command = ""
     if len(pip_packages) > 0:
         pip_install_command = (
-            "RUN pip3 install --no-cache-dir \\\n          '"
+            "RUN pip3 install --no-cache-dir --upgrade \\\n          '"
             + "' \\\n          '".join(list(dict.fromkeys(pip_packages)))
             + "'"
         )

diff --git a/.automation/generated/flavors-stats.json b/.automation/generated/flavors-stats.json
@@ -105,8 +105,8 @@
             97937
         ],
         [
-            "2021-08-23T01:26:28",
-            98630
+            "2021-08-23T08:42:54",
+            98785
         ]
     ],
     "ci_light": [
@@ -215,8 +215,8 @@
             2064
         ],
         [
-            "2021-08-23T01:26:28",
-            2074
+            "2021-08-23T08:42:54",
+            2076
         ]
     ],
     "dart": [
@@ -325,8 +325,8 @@
             768
         ],
         [
-            "2021-08-23T01:26:28",
-            786
+            "2021-08-23T08:42:54",
+            794
         ]
     ],
     "documentation": [
@@ -435,8 +435,8 @@
             8527
         ],
         [
-            "2021-08-23T01:26:28",
-            8564
+            "2021-08-23T08:42:54",
+            8566
         ]
     ],
     "dotnet": [
@@ -545,8 +545,8 @@
             220213
         ],
         [
-            "2021-08-23T01:26:28",
-            220548
+            "2021-08-23T08:42:54",
+            220621
         ]
     ],
     "go": [
@@ -655,8 +655,8 @@
             2935
         ],
         [
-            "2021-08-23T01:26:28",
-            2946
+            "2021-08-23T08:42:54",
+            2950
         ]
     ],
     "java": [
@@ -765,8 +765,8 @@
             17554
         ],
         [
-            "2021-08-23T01:26:28",
-            17599
+            "2021-08-23T08:42:54",
+            17619
         ]
     ],
     "javascript": [
@@ -875,8 +875,8 @@
             28305
         ],
         [
-            "2021-08-23T01:26:28",
-            28408
+            "2021-08-23T08:42:54",
+            28532
         ]
     ],
     "php": [
@@ -985,8 +985,8 @@
             1408
         ],
         [
-            "2021-08-23T01:26:28",
-            1418
+            "2021-08-23T08:42:54",
+            1422
         ]
     ],
     "python": [
@@ -1095,8 +1095,8 @@
             16489
         ],
         [
-            "2021-08-23T01:26:28",
-            16540
+            "2021-08-23T08:42:54",
+            16596
         ]
     ],
     "ruby": [
@@ -1205,8 +1205,8 @@
             1077
         ],
         [
-            "2021-08-23T01:26:28",
-            1087
+            "2021-08-23T08:42:54",
+            1089
         ]
     ],
     "rust": [
@@ -1315,8 +1315,8 @@
             785
         ],
         [
-            "2021-08-23T01:26:28",
-            795
+            "2021-08-23T08:42:54",
+            797
         ]
     ],
     "salesforce": [
@@ -1425,8 +1425,8 @@
             5729
         ],
         [
-            "2021-08-23T01:26:28",
-            5752
+            "2021-08-23T08:42:54",
+            5762
         ]
     ],
     "scala": [
@@ -1535,8 +1535,8 @@
             724
         ],
         [
-            "2021-08-23T01:26:28",
-            734
+            "2021-08-23T08:42:54",
+            736
         ]
     ],
     "swift": [
@@ -1645,8 +1645,8 @@
             613
         ],
         [
-            "2021-08-23T01:26:28",
-            614
+            "2021-08-23T08:42:54",
+            616
         ]
     ],
     "terraform": [
@@ -1755,8 +1755,8 @@
             4496
         ],
         [
-            "2021-08-23T01:26:28",
-            4508
+            "2021-08-23T08:42:54",
+            4514
         ]
     ]
 }
diff --git a/Dockerfile b/Dockerfile
@@ -121,7 +121,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'cpplint' \
           'cfn-lint' \
           'pylint' \

diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@
 <!-- mega-linter-title-end -->
 
 ![GitHub release](https://img.shields.io/github/v/release/nvuillam/mega-linter?sort=semver)
-[![Docker Pulls](https://img.shields.io/badge/docker%20pulls-411.0k-blue)](https://nvuillam.github.io/mega-linter/flavors/)
+[![Docker Pulls](https://img.shields.io/badge/docker%20pulls-411.5k-blue)](https://nvuillam.github.io/mega-linter/flavors/)
 [![Downloads/week](https://img.shields.io/npm/dw/mega-linter-runner.svg)](https://npmjs.org/package/mega-linter-runner)
 [![GitHub stars](https://img.shields.io/github/stars/nvuillam/mega-linter?maxAge=2592000)](https://GitHub.com/nvuillam/mega-linter/stargazers/)
 [![Mega-Linter](https://github.com/nvuillam/mega-linter/workflows/Mega-Linter/badge.svg?branch=master)](https://github.com/nvuillam/mega-linter/actions?query=workflow%3AMega-Linter+branch%3Amaster)

diff --git a/docs/descriptors/python_bandit.md b/docs/descriptors/python_bandit.md
@@ -26,17 +26,19 @@ If you find it too harsh, you may define `PYTHON_BANDIT_DISABLE_ERRORS: true` in
 - Enable bandit by adding `PYTHON_BANDIT` in [ENABLE_LINTERS variable](https://nvuillam.github.io/mega-linter/configuration/#activation-and-deactivation)
 - Disable bandit by adding `PYTHON_BANDIT` in [DISABLE_LINTERS variable](https://nvuillam.github.io/mega-linter/configuration/#activation-and-deactivation)
 
-| Variable                                  | Description                                                                                                                                                                                  | Default value      |
-|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------|
-| PYTHON_BANDIT_ARGUMENTS                   | User custom arguments to add in linter CLI call<br/>Ex: `-s --foo "bar"`                                                                                                                     |                    |
-| PYTHON_BANDIT_FILTER_REGEX_INCLUDE        | Custom regex including filter<br/>Ex: `(src\|lib)`                                                                                                                                           | Include every file |
-| PYTHON_BANDIT_FILTER_REGEX_EXCLUDE        | Custom regex excluding filter<br/>Ex: `(test\|examples)`                                                                                                                                     | Exclude no file    |
-| PYTHON_BANDIT_FILE_EXTENSIONS             | Allowed file extensions. `"*"` matches any extension, `""` matches empty extension. Empty list excludes all files<br/>Ex: `[".py", ""]`                                                      | `[".py"]`          |
-| PYTHON_BANDIT_FILE_NAMES_REGEX            | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files<br/>Ex: `["Dockerfile(-.+)?", "Jenkinsfile"]` | Include every file |
-| PYTHON_BANDIT_PRE_COMMANDS                | List of bash commands to run before the linter                                                                                                                                               | None               |
-| PYTHON_BANDIT_POST_COMMANDS               | List of bash commands to run after the linter                                                                                                                                                | None               |
-| PYTHON_BANDIT_DISABLE_ERRORS              | Run linter but consider errors as warnings                                                                                                                                                   | `false`            |
-| PYTHON_BANDIT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed                                                                                                                                                             | `0`                |
+| Variable                                  | Description                                                                                                                                                                                  | Default value                                    |
+|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|
+| PYTHON_BANDIT_ARGUMENTS                   | User custom arguments to add in linter CLI call<br/>Ex: `-s --foo "bar"`                                                                                                                     |                                                  |
+| PYTHON_BANDIT_FILTER_REGEX_INCLUDE        | Custom regex including filter<br/>Ex: `(src\|lib)`                                                                                                                                           | Include every file                               |
+| PYTHON_BANDIT_FILTER_REGEX_EXCLUDE        | Custom regex excluding filter<br/>Ex: `(test\|examples)`                                                                                                                                     | Exclude no file                                  |
+| PYTHON_BANDIT_FILE_EXTENSIONS             | Allowed file extensions. `"*"` matches any extension, `""` matches empty extension. Empty list excludes all files<br/>Ex: `[".py", ""]`                                                      | `[".py"]`                                        |
+| PYTHON_BANDIT_FILE_NAMES_REGEX            | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files<br/>Ex: `["Dockerfile(-.+)?", "Jenkinsfile"]` | Include every file                               |
+| PYTHON_BANDIT_PRE_COMMANDS                | List of bash commands to run before the linter                                                                                                                                               | None                                             |
+| PYTHON_BANDIT_POST_COMMANDS               | List of bash commands to run after the linter                                                                                                                                                | None                                             |
+| PYTHON_BANDIT_CONFIG_FILE                 | bandit configuration file name</br>Use `LINTER_DEFAULT` to let the linter find it                                                                                                            | `.bandit.yml`                                    |
+| PYTHON_BANDIT_RULES_PATH                  | Path where to find linter configuration file                                                                                                                                                 | Workspace folder, then Mega-Linter default rules |
+| PYTHON_BANDIT_DISABLE_ERRORS              | Run linter but consider errors as warnings                                                                                                                                                   | `false`                                          |
+| PYTHON_BANDIT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed                                                                                                                                                             | `0`                                              |
 
 ## IDE Integration
 

diff --git a/docs/index.md b/docs/index.md
@@ -13,7 +13,7 @@
 <!-- mega-linter-title-end -->
 
 ![GitHub release](https://img.shields.io/github/v/release/nvuillam/mega-linter?sort=semver)
-[![Docker Pulls](https://img.shields.io/badge/docker%20pulls-411.0k-blue)](https://nvuillam.github.io/mega-linter/flavors/)
+[![Docker Pulls](https://img.shields.io/badge/docker%20pulls-411.5k-blue)](https://nvuillam.github.io/mega-linter/flavors/)
 [![Downloads/week](https://img.shields.io/npm/dw/mega-linter-runner.svg)](https://npmjs.org/package/mega-linter-runner)
 [![GitHub stars](https://img.shields.io/github/stars/nvuillam/mega-linter?maxAge=2592000)](https://GitHub.com/nvuillam/mega-linter/stargazers/)
 [![Mega-Linter](https://github.com/nvuillam/mega-linter/workflows/Mega-Linter/badge.svg?branch=master)](https://github.com/nvuillam/mega-linter/actions?query=workflow%3AMega-Linter+branch%3Amaster)

diff --git a/flavors/ci_light/Dockerfile b/flavors/ci_light/Dockerfile
@@ -78,7 +78,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'yamllint'
 #PIP__END
 

diff --git a/flavors/dart/Dockerfile b/flavors/dart/Dockerfile
@@ -81,7 +81,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile
@@ -80,7 +80,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile
@@ -91,7 +91,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'cpplint' \
           'snakemake' \
           'snakefmt' \

diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile
@@ -81,7 +81,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile
@@ -82,7 +82,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile
@@ -85,7 +85,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile
@@ -91,7 +91,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile
@@ -80,7 +80,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'pylint' \
           'black' \
           'flake8' \

diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile
@@ -84,7 +84,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile
@@ -80,7 +80,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile
@@ -81,7 +81,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/scala/Dockerfile b/flavors/scala/Dockerfile
@@ -80,7 +80,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile
@@ -82,7 +82,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile
@@ -83,7 +83,7 @@ RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #PIP__START
-RUN pip3 install --no-cache-dir \
+RUN pip3 install --no-cache-dir --upgrade \
           'snakemake' \
           'snakefmt' \
           'sqlfluff' \

diff --git a/mega-linter-runner/README.md b/mega-linter-runner/README.md
@@ -15,7 +15,7 @@
 [![Downloads/total](https://img.shields.io/npm/dt/mega-linter-runner.svg)](https://npmjs.org/package/mega-linter-runner)
 [![GitHub stars](https://img.shields.io/github/stars/nvuillam/mega-linter?maxAge=2592000)](https://GitHub.com/nvuillam/mega-linter/stargazers/)
 <!-- readme-header-start -->
-[![Docker Pulls](https://img.shields.io/badge/docker%20pulls-411.0k-blue)](https://nvuillam.github.io/mega-linter/flavors/)
+[![Docker Pulls](https://img.shields.io/badge/docker%20pulls-411.5k-blue)](https://nvuillam.github.io/mega-linter/flavors/)
 [![Mega-Linter](https://github.com/nvuillam/mega-linter/workflows/Mega-Linter/badge.svg?branch=master)](https://nvuillam.github.io/mega-linter)
 [![codecov](https://codecov.io/gh/nvuillam/mega-linter/branch/master/graph/badge.svg)](https://codecov.io/gh/nvuillam/mega-linter)
 [![Secured with Trivy](https://img.shields.io/badge/Trivy-secured-green?logo=docker)](https://github.com/aquasecurity/trivy)

diff --git a/megalinter/descriptors/python.megalinter-descriptor.yml b/megalinter/descriptors/python.megalinter-descriptor.yml
@@ -184,6 +184,9 @@ linters:
     cli_lint_mode: list_of_files
     cli_config_arg_name: "--configfile"
     cli_version_arg_name: "--version"
+    config_file_name: ".bandit.yml"
+    cli_lint_errors_count: regex_count
+    cli_lint_errors_regex: ">> Issue: \\["
     version_extract_regex: "(?<=bandit )\\d+(\\.\\d+)+"
     test_folder: python_bandit
     examples: