bandit 1.7.10

Security oriented static analyser for python code.

Stars: 6389, Watchers: 6389, Forks: 603, Open Issues: 191

The PyCQA/bandit repository was created 6 years ago, and the last code push was 4 days ago.
The project is widely used, with 6389 GitHub stars.

How to Install bandit

You can install bandit using pip

pip install bandit

or add it to a project with poetry

poetry add bandit

Package Details

Author: PyCQA
License: Apache-2.0
Homepage: https://bandit.readthedocs.io/
PyPI: https://pypi.org/project/bandit/
GitHub Repo: https://github.com/PyCQA/bandit

Classifiers

  • Security

GitHub Issues

The bandit package has 191 open issues on GitHub

  • Add a link or badge to Discord for discussions
  • [docs] Add Getting Started chapter (migrate from README)
  • --confidence should accept a value: LOW, MEDIUM, HIGH.
  • lxml guidance is not useful
  • Check for hardcoded passwords in class attributes
  • cannot silence issue in multi-line string
  • Check B105:hardcoded_password_string for class attributes
  • New check: B113: TrojanSource - Bidirectional control characters
  • add check for "requests" calls without timeout
  • Pbr is unexpectedly required during runtime
  • Enhancement Proposal: Plugin "assert_used" config-skip snippet
  • #nosec not working for multi-line strings in python 3.8
  • blacklist getattr calls
  • Support for the SARIF (Static Analysis Results Interchange Format)
  • #nosec is not working for multiline assert.

Related Packages & Articles

flake8 7.1.1

the modular source code checker: pep8 pyflakes and co

astroid 3.3.5

An abstract syntax tree for Python with inference support.

cfn-lint 1.16.1

Checks CloudFormation templates for practices and behaviour that could potentially be improved