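---
# Bandit security scanner configuration for i2p-python
# https://bandit.readthedocs.io/en/latest/config.html

# Paths to scan.
# NOTE(review): scan paths are usually given on the command line
# (bandit -r src/ -c <this-config-file>); confirm that this key is honoured
# when read from the YAML config.
targets:
  - src/

# Skip test directories
exclude_dirs:
  - tests
  - .git
  - __pycache__

# Tests to skip:
#   B101: assert used for runtime checks (standard pattern in crypto code)
# NOTE(review): assert statements are stripped when Python runs with -O, so a
# check that enforces a security property must raise explicitly instead of
# relying on assert. tests/ is already excluded above, so this skip silences
# B101 for shipped code under src/ only; a per-line `# nosec B101` on reviewed
# asserts would keep the check active for new code.
#
#   B311: random.random() — we use os.urandom/secrets for crypto, random only
#   for non-security
# B311 is described here but is NOT in the list below, so Bandit still reports
# it. Leaving it enabled is the safer state: each `random` call then gets
# reviewed to confirm it does not feed keys, nonces or other secret values.
skips:
  - B101

# Report severity
# NOTE(review): Bandit's severity levels are LOW, MEDIUM and HIGH; CRITICAL is
# not one of them. The reporting threshold is normally set on the command line
# (--severity-level medium, or -ll); confirm this key is read from the YAML
# config, otherwise LOW findings are not filtered out as intended.
severity:
  - MEDIUM
  - HIGH
  - CRITICAL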