Bandit

LSE top 100: Bandit (64)

Tool and Usage

Project details

License
Apache License 2.0
Programming language
Python
Latest release
1.7.10
Latest release date

Project health

85
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Bandit is a tool that can be used during development or afterward. Typically it is used by developers to find common security issues in Python code before the code is put into production. Another use case is analyzing existing projects to find possible flaws.

How it works

Bandit processes each file and builds an AST from it. It then runs the appropriate plugins against the AST nodes and collects any findings. These findings are displayed on the screen, followed by a report. The report itself contains the number of findings by severity and confidence.

Usage and audience

Bandit is commonly used for code analysis. Target users for this tool are developers, pentesters, and security professionals.

Features

  • CSV output supported
  • Command line interface
  • HTML output
  • JSON output supported

Example usage and output

--------------------------------------------------
>> Issue: [B101:assert_used] Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Severity: Low Confidence: High
Location: website/views.py:7061
7060 def hotp_verify(hotp, key, counter, hash=SHA1(), digits=6, look_ahead=5):
7061 assert look_ahead >= 0
7062 correct_counter = None

--------------------------------------------------

Code scanned:
Total lines of code: 25201
Total lines skipped (#nosec): 0

Run metrics:
Total issues (by severity):
Undefined: 0
Low: 3
Medium: 7
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 7
High: 3

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • More than 50 contributors
  • The source code of this software is available
  • Supported by a large company

Installation

Supported operating systems

Bandit is known to work on Linux.

Dependencies

Several dependencies are required to use Bandit.

  • GitPython
  • pyyaml
  • six
  • stevedore

Bandit alternatives

Similar tools to Bandit:

PyT (score: 60)

Python Taint (or PyT) is a static code analyzer for Python scripts and applications. It tries to discover vulnerabilities or other possible weaknesses.

graudit (score: 93)

Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.

gosec (score: 85)

Gosec is a security tool that performs static code analysis on Golang projects to find security flaws.


Related tool information

Categories

This tool is categorized as a Python code analysis tool, Python security tool, and static code analyzer.