bandit
https://github.com/pycqa/bandit
Python
Bandit is a tool designed to find common security issues in Python code.
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Python not yet supported7 Subscribers
Add a CodeTriage badge to bandit
Help out
- Issues
- Extra results printed, when running bandit on file that doesnt exist
- Extra spaces added by bandit.code.utils.concat_string
- Fix nosec for nested dicts
- Add Additional testing on functionality of the Bandit tool
- Using `# nosec BXXX` annotation in a nested dict causes "higher" annotations to be ignored
- Make use of rich for formatters
- Suggest fixes for issues
- Broken JSON on standard output
- False positive / regression: [B314:blacklist] Using xml.etree.ElementTree.fromstring to parse untrusted XML - while defusedxml is used
- Bandit 1.7.5 false positive for request_without_timeout (B113)
- Docs
- Python not yet supported