  • Stars: 5,900
  • Rank: 6,855 (Top 0.2 %)
  • Language: Python
  • License: Apache License 2.0
  • Created over 6 years ago
  • Updated 8 months ago


Repository Details

Bandit is a tool designed to find common security issues in Python code.

Bandit


Build Status

Docs Status

Latest Version

Python Versions

Format

License

Discord

A security linter from PyCQA

Overview

Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs the appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.
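To make the parse / walk / plugin / report pipeline described above concrete, here is a small AST-based checker written in the same shape. It is an added example, not Bandit's own code: the three checks (use of `eval`/`exec`, `subprocess` with `shell=True`, and MD5/SHA-1 via `hashlib`) mirror the kinds of issues a security linter looks for, but the check names, severities and the `SAMPLE_SOURCE` module being scanned are constructed for this illustration and are not Bandit test IDs.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample input: a module with three patterns a security linter
# would flag, plus a function that uses the safe alternatives.
SAMPLE_SOURCE = '''
import subprocess
import hashlib

def run(cmd, user_input):
    subprocess.call(cmd, shell=True)
    result = eval(user_input)
    digest = hashlib.md5(b"data").hexdigest()
    return result, digest

def safe(cmd):
    subprocess.call(cmd, shell=False)
    return hashlib.sha256(b"data").hexdigest()
'''


@dataclass(frozen=True)
class Finding:
    check: str      # constructed check label (not a Bandit test ID)
    severity: str
    lineno: int
    message: str


def _dotted_name(node: ast.expr) -> str:
    """Return 'a.b.c' for Name/Attribute chains; '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


# Each plugin inspects one ast.Call node and returns a Finding or None.
def check_eval_exec(node: ast.Call) -> Optional[Finding]:
    name = _dotted_name(node.func)
    if name in ("eval", "exec"):
        return Finding("dangerous-builtin", "MEDIUM", node.lineno,
                       f"use of {name}() on possibly untrusted input")
    return None


def check_shell_true(node: ast.Call) -> Optional[Finding]:
    if _dotted_name(node.func).startswith("subprocess."):
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                return Finding("subprocess-shell-true", "HIGH", node.lineno,
                               "subprocess call with shell=True")
    return None


def check_weak_hash(node: ast.Call) -> Optional[Finding]:
    name = _dotted_name(node.func)
    if name in ("hashlib.md5", "hashlib.sha1"):
        return Finding("weak-hash", "MEDIUM", node.lineno,
                       f"{name} is not collision resistant")
    return None


# Plugins are registered per AST node type, so the walker only calls the
# ones relevant to each node it visits.
PLUGINS: dict[type, list[Callable[[ast.AST], Optional[Finding]]]] = {
    ast.Call: [check_eval_exec, check_shell_true, check_weak_hash],
}


def scan_source(source: str, filename: str = "<string>") -> list[Finding]:
    """Parse source into an AST, run registered plugins, return findings."""
    tree = ast.parse(source, filename=filename)
    findings: list[Finding] = []
    for node in ast.walk(tree):
        for plugin in PLUGINS.get(type(node), ()):
            finding = plugin(node)
            if finding is not None:
                findings.append(finding)
    return sorted(findings, key=lambda f: f.lineno)


def format_report(findings: list[Finding]) -> str:
    lines = [f"{f.severity:<6} line {f.lineno}: [{f.check}] {f.message}"
             for f in findings]
    lines.append(f"{len(findings)} issue(s) found")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(scan_source(SAMPLE_SOURCE, "sample.py")))
```

Running the block reports three findings on lines 6, 7 and 8 of the sample and nothing for the `safe` function; adding a check is a matter of writing another function over the node type it cares about and registering it in `PLUGINS`, which is the extension model the Bandit plugin architecture is built around.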

Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.

Bandit Example Screen Shot

Show Your Style

Security Status

Use our badge in your project's README!

using Markdown:

[![security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)

using RST:

.. image:: https://img.shields.io/badge/security-bandit-yellow.svg
    :target: https://github.com/PyCQA/bandit
    :alt: Security Status

References

Python AST module documentation: https://docs.python.org/3/library/ast.html

Green Tree Snakes - the missing Python AST docs: https://greentreesnakes.readthedocs.org/en/latest/

Documentation of the various types of AST nodes that Bandit currently covers or could be extended to cover: https://greentreesnakes.readthedocs.org/en/latest/nodes.html

Container Images

Bandit is available as a container image, built within the bandit repository using GitHub Actions. The image is available on ghcr.io:

docker pull ghcr.io/pycqa/bandit/bandit

The image is built for the following architectures:

  • amd64
  • arm64
  • armv7
  • armv8

To pull a specific architecture, use the following format:

docker pull --platform=<architecture> ghcr.io/pycqa/bandit/bandit:latest

Every image is signed with sigstore cosign, and its build provenance can be verified with the following cosign command:

cosign verify ghcr.io/pycqa/bandit/bandit:latest \
  --certificate-identity https://github.com/pycqa/bandit/.github/workflows/build-publish-image.yml@refs/tags/<version> \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

Where <version> is the release version of Bandit.

More Repositories

1. isort: A Python utility / library to sort imports. (Python, 6,471 stars)
2. pycodestyle: Simple Python style checker in one Python file. (Python, 4,924 stars)
3. pylint: It's not just a linter that annoys you! (Python, 4,246 stars)
4. flake8: flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code. (Python, 3,068 stars)
5. pyflakes: A simple program which checks Python source files for errors. (Python, 1,304 stars)
6. pydocstyle: docstring style checker. (Python, 1,105 stars)
7. flake8-bugbear: A plugin for Flake8 finding likely bugs and design problems in your program. Contains warnings that don't belong in pyflakes and pycodestyle. (Python, 1,056 stars)
8. autoflake: Removes unused imports and unused variables as reported by pyflakes. (Python, 877 stars)
9. redbaron: Bottom-up approach to refactoring in python. (Python, 683 stars)
10. mccabe: McCabe complexity checker for Python. (Python, 602 stars)
11. pylint-django: Pylint plugin for improving code analysis for when using Django. (Python, 556 stars)
12. docformatter: Formats docstrings to follow PEP 257. (Python, 528 stars)
13. pep8-naming: Naming Convention checker for Python. (Python, 471 stars)
14. astroid: A common base representation of python source code for pylint and other projects. (Python, 425 stars)
15. modernize: Modernizes Python code for eventual Python 3 migration. Built on top of fissix (a fork of lib2to3). (Python, 326 stars)
16. baron: IDEs allow you to refactor code, Baron allows you to write refactoring code. (Python, 285 stars)
17. flake8-import-order: Flake8 plugin that checks import order against various Python Style Guides. (Python, 277 stars)
18. eradicate: Removes commented-out code from Python files. (Python, 199 stars)
19. doc8: Style checker for sphinx (or other) rst documentation. (Python, 158 stars)
20. flake8-docstrings: Integration of pydocstyle and flake8 for combined linting and reporting. (Python, 144 stars)
21. flake8-commas: Flake8 extension for enforcing trailing commas in python. (Python, 131 stars)
22. flake8-pyi: A plugin for Flake8 that provides specializations for type hinting stub files. (Python, 73 stars)
23. pylint-celery: Pylint plugin for analysing code using Celery. (Python, 34 stars)
24. meta: Documentation about how the PyCQA organization works. (Python, 24 stars)
25. pylint-plugin-utils: Utilities and helpers for writing Pylint plugins. (Python, 20 stars)
26. oeuvre: A repository to collect examples of Python code for testing code-quality tools. (Python, 11 stars)
27. flake8-polyfill: Project to make writing plugins across major versions of flake8 easier. (Python, 11 stars)
28. flake8-json: JSON formatter for Flake8 output. (Python, 10 stars)
29. bandit-action: GitHub Action to run Bandit. (9 stars)
30. infrastructure: Mirror of PyCQA's infrastructure playbooks. (6 stars)
31. mccabe-console-script: Add a console script for the mccabe complexity checker. (Python, 4 stars)