Obfuscate suspected password from report

[sebastian-suva]

Hi folks, thanks for this great and nifty tool!
Is it possible to obfuscate passwords like MY_PASSWORD from the report that I pasted below before they get printed to the console? E.g. to print just something like MY_***.

Right now, running bandit in CI poses some challenges, because if an actual password is found, it gets printed to the console and consequently leaked to additional places.

Run started:2024-11-14 10:29:36.489944
Test results:
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'MY_PASSWORD'
... 

If not out-of-the-box then I guess I should create a custom plugin and adapt what is passed into _report here, correct?

Thanks for any pointers! :)