Description
Describe the bug
If Bandit encounters an error, it still tries uploading a SARIF file, which fails. This masks the true cause of an error: When the failure logs are examined, it looks like the error was with the SARIF upload, when the error was actually with Bandit.
To Reproduce
Steps to reproduce the behavior:
- Create a GitHub Actions Workflow that uses this Action, but specifies something that causes an error. In my case, I specified the `configfile` option, pointing to my `pyproject.toml` file.
- Let the GitHub Actions Workflow run normally.

Bandit will fail, because it does not have the `toml` extra installed. But when I look at the Workflow results, GitHub tells me that the run failed because of the error `Error: Invalid SARIF. JSON syntax error: Unexpected end of JSON input`. I can only see the true cause of the error by digging into the logs of the run.
Expected behavior
I expected the Action to fail with the error `[main] ERROR pyproject.toml : toml parser not available, reinstall with toml extra`. I never expected the Action to try to upload a SARIF file.
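The gating step the report is asking for, as an added example (this is not code from the issue author or from the Bandit action itself): before handing a report to an upload step, check that the scanner actually completed and that the file it was supposed to write is a well-formed SARIF document, and otherwise fail with a message that points at the scanner's own log instead of the uploader's JSON parse error. The exit-code convention (0 = clean scan, 1 = findings reported, anything else = the scan did not run) and the minimal SARIF shape checked here are assumptions, not taken from the issue; the scenarios in `demo()` are constructed.

```python
"""Gate a SARIF upload on the scanner having actually produced a report.

Added example for the behaviour described in the issue; not the action's own code.
Assumptions (not stated in the issue): the scanner exits 0 for a clean run and
1 when it reports findings, while any other exit code means the scan aborted;
the upload step expects a JSON object with a top-level "runs" list.
"""
import json
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Assumed convention: these exit codes mean the scan ran to completion.
SCAN_COMPLETED_CODES = {0, 1}


def validate_sarif(path: Path) -> Optional[str]:
    """Return None if `path` holds a usable SARIF document, else a reason it does not."""
    if not path.is_file():
        return f"{path.name} does not exist (scanner never wrote it)"
    raw = path.read_text(encoding="utf-8")
    if not raw.strip():
        # This is the case that produces "Unexpected end of JSON input" downstream.
        return f"{path.name} is empty (scanner wrote nothing)"
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return f"{path.name} is not valid JSON: {exc}"
    if not isinstance(doc, dict) or not isinstance(doc.get("runs"), list):
        return f"{path.name} is JSON but has no SARIF 'runs' list"
    return None


def upload_decision(scanner_exit_code: int, sarif_path: Path) -> Tuple[bool, str]:
    """Decide whether to upload; the reason is what the CI step should print as its error."""
    if scanner_exit_code not in SCAN_COMPLETED_CODES:
        return False, f"scanner exited {scanner_exit_code}; see its log for the real error"
    problem = validate_sarif(sarif_path)
    if problem:
        return False, f"scanner reported completion but {problem}"
    return True, "SARIF report is well-formed; proceeding with upload"


def demo() -> List[Tuple[bool, str]]:
    """Constructed scenarios: the aborted run from the issue, an empty file, and a healthy run."""
    with tempfile.TemporaryDirectory() as tmp:
        missing = Path(tmp, "never_written.sarif")   # scanner aborted before writing
        empty = Path(tmp, "empty.sarif")
        empty.write_text("", encoding="utf-8")
        good = Path(tmp, "good.sarif")
        good.write_text(json.dumps({
            "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "bandit"}}, "results": []}],
        }), encoding="utf-8")
        return [
            upload_decision(2, missing),  # config error: skip upload, point at scanner log
            upload_decision(0, empty),    # exit 0 but empty report: skip, say why
            upload_decision(1, good),     # findings reported, report usable: upload
        ]


if __name__ == "__main__":
    for ok, why in demo():
        print("UPLOAD" if ok else "SKIP  ", why)
```

In a workflow this would run as its own step between the scan and the upload, with the scan step's exit code captured (for example via `continue-on-error` and an output) so the gate, not the uploader, is what fails the job.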
Screenshots
I don't have screenshots, but you can check out https://github.com/stanford-rc/mais-apis-python/actions/runs/16611405604/job/46995066343 for an example of a run where this happened.
Desktop (please complete the following information):
n/a
Smartphone (please complete the following information):
n/a
Additional context
None