Skip to content

Limit PR Bandit scan to changed files#888

Draft
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-dls-scan-bandit-job
Draft

Limit PR Bandit scan to changed files#888
Copilot wants to merge 2 commits into
mainfrom
copilot/fix-dls-scan-bandit-job

Conversation

Copilot AI commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

The DLS SCAN: Bandit job failed because it scanned the entire repository (scan-scope: all) and surfaced existing Medium findings unrelated to the PR. This update narrows the PR workflow to evaluate only files changed in the pull request.

  • Workflow scope correction

    • Updated Bandit invocation in .github/workflows/dls-pr-workflow.yaml from full-repo scan to changed-files scan.
    • Preserves existing severity/confidence thresholds and fail-on-findings behavior for relevant PR diffs.

  • Impact

    • Prevents unrelated baseline findings from blocking PRs.
    • Keeps Bandit as an effective gate on newly introduced or modified code.
# .github/workflows/dls-pr-workflow.yaml
with:
  scan-scope: "changed"   # was "all"
  severity-level: "MEDIUM"
  confidence-level: "MEDIUM"
  fail-on-findings: true

Copilot AI changed the title [WIP] Fix failing GitHub Actions job 'DLS SCAN: Bandit' Limit PR Bandit scan to changed files Jun 2, 2026
Copilot AI requested a review from kblaszczak-intel June 2, 2026 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kblaszczak-intel kblaszczak-intel Awaiting requested review from kblaszczak-intel

@tbujewsk tbujewsk Awaiting requested review from tbujewsk tbujewsk will be requested when the pull request is marked ready for review tbujewsk is a code owner

@OskarFiedot OskarFiedot Awaiting requested review from OskarFiedot OskarFiedot will be requested when the pull request is marked ready for review OskarFiedot is a code owner

@nszczygl9 nszczygl9 Awaiting requested review from nszczygl9 nszczygl9 will be requested when the pull request is marked ready for review nszczygl9 is a code owner

@dmichalo dmichalo Awaiting requested review from dmichalo dmichalo will be requested when the pull request is marked ready for review dmichalo is a code owner

@msmiatac msmiatac Awaiting requested review from msmiatac msmiatac will be requested when the pull request is marked ready for review msmiatac is a code owner

@jmotow jmotow Awaiting requested review from jmotow jmotow will be requested when the pull request is marked ready for review jmotow is a code owner

@pbartosik pbartosik Awaiting requested review from pbartosik pbartosik will be requested when the pull request is marked ready for review pbartosik is a code owner

@mholowni mholowni Awaiting requested review from mholowni mholowni will be requested when the pull request is marked ready for review mholowni is a code owner

@qianlongding qianlongding Awaiting requested review from qianlongding qianlongding will be requested when the pull request is marked ready for review qianlongding is a code owner

@BaoHuiling BaoHuiling Awaiting requested review from BaoHuiling BaoHuiling will be requested when the pull request is marked ready for review BaoHuiling is a code owner

@yunowo yunowo Awaiting requested review from yunowo yunowo will be requested when the pull request is marked ready for review yunowo is a code owner

@ZiningLi ZiningLi Awaiting requested review from ZiningLi ZiningLi will be requested when the pull request is marked ready for review ZiningLi is a code owner

@yangjianfeng1208 yangjianfeng1208 Awaiting requested review from yangjianfeng1208 yangjianfeng1208 will be requested when the pull request is marked ready for review yangjianfeng1208 is a code owner

@oonyshch oonyshch Awaiting requested review from oonyshch oonyshch will be requested when the pull request is marked ready for review oonyshch is a code owner

@walidbarakat walidbarakat Awaiting requested review from walidbarakat walidbarakat will be requested when the pull request is marked ready for review walidbarakat is a code owner

@tjanczak tjanczak Awaiting requested review from tjanczak tjanczak will be requested when the pull request is marked ready for review tjanczak is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@kblaszczak-intel kblaszczak-intel

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kblaszczak-intel