bandit
https://github.com/pycqa/bandit
Python
Bandit is a tool designed to find common security issues in Python code.
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Python not yet supported7 Subscribers
Add a CodeTriage badge to bandit
Help out
- Issues
- Avoid UnicodeEncodeError on narrow-encoding output streams (#1251)
- Feature request (with my own implementation): add a plugin which detects common SSRF cases where user-controlled URLs flow into outbound HTTP requests
- Fix exit code for invalid scan targets (#1326)
- Proposal: Detecting Flask file-serving API misuse
- B701: Extend Jinja2 checks to cover dynamic template source execution
- B704 false negative for local Markup subclasses (CVE-2025-54384)
- Methods to Bypass Bandit Detection
- False negative: B104 misses `bind(("", port))` wildcard host
- False negative: narrow argument-shape checks in B508/B509
- False negative: B501 misses `verify=False` on `requests.Session` / `httpx.Client` instance methods
- Docs
- Python not yet supported