fix: Configure Bandit to use pyproject.toml in CI

rcholic · claude · rcholic · commit d09461fcfc40 · 2026-02-25T18:35:39.000-08:00
The pyproject.toml already has B404 (subprocess import) in the skips
list, but the GitHub Actions workflow wasn't using the config file.
Added -c pyproject.toml flag to the bandit command.

This resolves the B404 warning which is a low-severity issue about
importing the subprocess module. The import is safe and necessary for
managing OpenClaw CLI subprocess lifecycle.

Co-Authored-By: Claude Sonnet 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -33,7 +33,7 @@ jobs:
 
       - name: Run security checks
         run: |
-          python -m bandit -q -r src/predicate_secure/
+          python -m bandit -q -r src/predicate_secure/ -c pyproject.toml
 
   lint:
     runs-on: ubuntu-latest
