bandit
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs the appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
Details
Category: Static Code Analysis
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/bandit:1.7.1
Source URL: https://github.com/PyCQA/bandit
Parameters
debug
boolean
Command: -d
- Turn on debug mode

quiet
boolean
Command: -q
- Only show output in the case of an error

profile
string
Command: --profile
- Profile to use (defaults to executing all tests)

skip-id
string
Command: --skip
- Comma-separated list of test IDs to skip

test-id
string
Command: --tests
- Comma-separated list of test IDs to run

verbose
boolean
Command: --verbose
- Output extra information like excluded and included files

baseline
file
Command: --baseline
- Path of a baseline report to compare against (only JSON-formatted files are accepted)

ini-file
file
Command: --ini
- Path to a .bandit file that supplies command line arguments

aggregate
string
Command: --aggregate
- Aggregate output by vulnerability (default) or by filename

exit-zero
boolean
required
Command: --exit-zero
- Exit with 0, even with results found

level-low
string
Command: -l
- Report only issues of a given severity level or higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)

confidence
boolean
Command: --confidence
- Report only issues of a given confidence level or higher

level-high
string
Command: -lll
- Report only issues of a given severity level or higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)

config-file
file
Command: --configfile
- Optional config file to use for selecting plugins and overriding defaults

ignore-nosec
boolean
Command: --ignore-nosec
- Do not skip lines with # nosec comments

level-medium
string
Command: -ll
- Report only issues of a given severity level or higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)

msg-template
string
Command: --msg-template
- Specify the output message template (only usable when output-format is set to custom)

number-lines
string
Command: --number
- Maximum number of code lines to output for each issue

targets-file
file
required
Command: targets
- Source file(s)

exclude-paths
string
Command: --exclude
- Comma-separated list of paths (glob patterns supported) to exclude from the scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)

output-format
string
Command: -f
- Output format, one of {csv,custom,html,json,screen,txt,xml,yaml}

targets-folder
folder
required
Command: targets
- Source folder

recursive-target
folder
Command: --recursive
- Find and process files in subdirectories