Security linter that finds common security issues in Python code
Apache-2.0
- Python
- Dockerfile

About Bandit
Bandit is a command-line security linter for Python. It catches common security issues such as hardcoded passwords, weak cryptography, and unsafe use of shell commands, which makes it a fit for teams that want lightweight static analysis dedicated to Python.
Under the hood, Bandit parses each file into an abstract syntax tree (AST) and runs a set of plugins against the tree's nodes, then assembles the findings into a report in which each issue carries a severity and a confidence level. The checks are pattern matches on the AST rather than data-flow analysis, so results need triage: a shell=True call built from a constant is reported the same way as one built from user input, and a reviewed finding can be suppressed inline with a nosec comment. The plugin model means the checks it applies can be extended and tuned to a project's needs.
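As an added illustration of that pipeline (this is not Bandit's own code), the following Python script implements a miniature AST-based linter with the same shape: a driver parses a module, applies every plugin to every node, and renders the collected findings as a report. The three plugins approximate checks Bandit also performs (shell=True, eval/exec, credential-looking string assignments), but the check names, severities, name heuristics, and the sample module being scanned are all constructed for this example.

```python
"""Toy AST-based security linter in the spirit of Bandit's plugin model.

Added illustration, not Bandit's own code. Each "plugin" is a function that
inspects one ast node and returns a Finding or None; the driver walks the
tree, applies every plugin to every node, and assembles a report.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    check: str       # plugin name (illustrative, not a Bandit test ID)
    severity: str    # LOW / MEDIUM / HIGH
    line: int
    message: str


def _qualname(node: ast.AST) -> str:
    """Best-effort dotted name of a call target, e.g. 'subprocess.run'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


# ---- plugins: each takes one node and returns a Finding or None ----

def shell_equals_true(node):
    """Flag subprocess.* calls with shell=True (command injection if input reaches them)."""
    if isinstance(node, ast.Call) and _qualname(node.func).startswith("subprocess."):
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return Finding("shell_equals_true", "HIGH", node.lineno,
                               "subprocess call with shell=True")
    return None


def eval_or_exec(node):
    """Flag builtin eval()/exec(); both execute arbitrary code."""
    if isinstance(node, ast.Call) and _qualname(node.func) in {"eval", "exec"}:
        return Finding("eval_or_exec", "MEDIUM", node.lineno,
                       f"use of {_qualname(node.func)}()")
    return None


# Constructed heuristic: variable names that usually hold credentials.
CREDENTIAL_WORDS = ("password", "passwd", "secret", "token")


def hardcoded_password(node):
    """Flag a non-empty string literal assigned to a credential-looking name."""
    if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
            and isinstance(node.value.value, str) and node.value.value):
        for target in node.targets:
            if isinstance(target, ast.Name) and any(w in target.id.lower() for w in CREDENTIAL_WORDS):
                return Finding("hardcoded_password", "LOW", node.lineno,
                               f"possible hardcoded credential in '{target.id}'")
    return None


PLUGINS = (shell_equals_true, eval_or_exec, hardcoded_password)


def scan_source(source: str, plugins=PLUGINS) -> list:
    """Parse source into an AST, run every plugin over every node, collect findings."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        for plugin in plugins:
            hit = plugin(node)
            if hit is not None:
                findings.append(hit)
    return sorted(findings, key=lambda f: f.line)


def render_report(findings) -> str:
    """Assemble findings into a plain-text report, one line per issue."""
    lines = [f"{f.line:>4}  {f.severity:<6} {f.check}: {f.message}" for f in findings]
    lines.append(f"{len(findings)} issue(s) found")
    return "\n".join(lines)


# Constructed sample module to scan; not taken from any real project.
SAMPLE = '''\
import subprocess

DB_PASSWORD = "hunter2"

def run(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True)

def safe_run(argv):
    return subprocess.run(argv, capture_output=True)  # list argv, no shell

def calc(expr):
    return eval(expr)
'''

if __name__ == "__main__":
    print(render_report(scan_source(SAMPLE)))
```

Running the script reports three issues (lines 3, 6 and 12 of the sample) and stays silent on safe_run, which passes an argument list without a shell. The shell=True plugin fires on the constant-command case just as readily as it would on user input, which is the triage cost of AST pattern matching without data-flow analysis; adding a new check is a matter of writing one more node-inspecting function and appending it to PLUGINS.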
Bandit started inside the OpenStack Security Project and was later rehomed to PyCQA, the Python Code Quality Authority. It is free software under the Apache license, installable from PyPI or runnable as a container image, with source on GitHub.
Key features
- Flags common Python security issues
- Parses code into an AST and runs checks on it
- Extensible plugin model for security rules
- Produces a report of findings after each scan
Details
- First released
- 2018
- Platforms
- CLI · Docker
- Language
- Python
- License
- Apache-2.0
- Origins
- OpenStack project · now PyCQA
- Latest release
- 1.9.4
