bandit
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
Name:bandit
Category:Static Code Analysis
Publisher:trickest
Created:6/23/2021
Container:
quay.io/trickest/bandit:1.7.1Output Type:
License:Unknown
Source:View Source
Parameters
-dTurn on debug mode-qOnly show output in the case of an error--profileProfile to use (defaults to executing all tests)--skipComma-separated list of test IDs to skip--testsComma-separated list of test IDs to run--verboseOutput extra information like excluded and included files--baselinePath of a baseline report to compare against (only JSON-formatted files are accepted)--iniPath to a .bandit file that supplies command line arguments--aggregateAggregate ggregate output by vulnerability (default) or by filename--exit-zeroExit with 0, even with results found-lReport only issues of a given severity level or higher (level for LOW, -ll for MEDIUM, -lll for HIGH)--confidenceReport only issues of a given confidence level or higher-lllReport only issues of a given severity level or higher (level for LOW, -ll for MEDIUM, -lll for HIGH)--configfileOptional config file to use for selecting plugins and overriding defaults--ignore-nosecDo not skip lines with # nosec comments-llReport only issues of a given severity level or higher (level for LOW, -ll for MEDIUM, -lll for HIGH)--msg-templateSpecify output message template (only usable with output-format is set to custom)--numberMaximum number of code lines to output for each issuetargetsSource file(s)--excludeComma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)-f{csv,custom,html,json,screen,txt,xml,yaml}targetsSource folder--recursiveFind and process files in subdirectories