Bandit

Tool and Usage

Bandit is an AST-based static analyzer for Python code. It helps find code flaws that could lead to security vulnerabilities.

Why this tool?

Bandit can be used during development or afterward. Typically developers run it to find common security issues in Python code before that code goes into production. Another use case is analyzing existing projects to find possible flaws.

How it works

Bandit processes each file and builds an AST from it. It then runs the appropriate plugins against the AST nodes and collects any findings. After finishing, it generates a report with all the findings.
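The following is an added example, not code from Bandit itself, showing the AST-walk-and-plugin pattern described above in miniature: parse a file with Python's `ast` module, visit every call node, and record findings with a severity. The sample source, the `Finding` class, and the `scan_source`/`format_report` functions are all constructed here for illustration; the three checks (dangerous `eval`/`exec`, weak `hashlib` functions, `subprocess` with `shell=True`) are the kind of thing Bandit's own plugins look for, but this toy does not resolve import aliases or use Bandit's plugin loader (Bandit discovers plugins through stevedore entry points, which is why stevedore appears in the dependency list).

```python
import ast
from dataclasses import dataclass

# Constructed sample input (not real project code): three risky calls and one
# safe one, so the checker has something to flag and something to leave alone.
SAMPLE_SOURCE = """\
import hashlib
import subprocess

def run(cmd):
    return subprocess.check_output(cmd, shell=True)

def digest(data):
    return hashlib.md5(data).hexdigest()

def compute(expr):
    return eval(expr)

def safe(cmd):
    return subprocess.check_output(["ls", cmd])
"""


@dataclass
class Finding:
    filename: str
    lineno: int
    severity: str   # "HIGH" / "MEDIUM", mirroring Bandit's severity levels
    message: str


def _dotted_name(node):
    """Return 'pkg.attr.attr' for a Name/Attribute chain, or None otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class InsecureCallVisitor(ast.NodeVisitor):
    """Walks every Call node and records findings, the way a Bandit plugin
    receives Call nodes from the AST walk. Aliased imports (import hashlib as h)
    are deliberately not resolved here; Bandit tracks those, this toy does not."""

    def __init__(self, filename):
        self.filename = filename
        self.findings = []

    def _report(self, node, severity, message):
        self.findings.append(Finding(self.filename, node.lineno, severity, message))

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name in ("eval", "exec"):
            self._report(node, "HIGH", f"use of {name}() can execute arbitrary code")
        elif name in ("hashlib.md5", "hashlib.sha1"):
            self._report(node, "MEDIUM", f"{name} is a weak hash function")
        elif name is not None and name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self._report(node, "HIGH", f"{name} called with shell=True")
        # Keep walking so nested calls such as eval(hashlib.md5(x)) are seen too.
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Parse one file into an AST, run the checker over it and return findings
    sorted by line number. Returns [] for clean code."""
    tree = ast.parse(source, filename=filename)
    visitor = InsecureCallVisitor(filename)
    visitor.visit(tree)
    return sorted(visitor.findings, key=lambda f: f.lineno)


def format_report(findings):
    """Render findings as one 'file:line: SEVERITY message' line each."""
    return "\n".join(f"{f.filename}:{f.lineno}: {f.severity} {f.message}"
                     for f in findings)


if __name__ == "__main__":
    print(format_report(scan_source(SAMPLE_SOURCE, "sample.py")))
```

Running the module as a script prints three findings (lines 5, 8 and 11 of the sample) and nothing for the list-form `subprocess` call, which is the distinction an AST walk makes easily and a regex over source text does not.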

Usage and audience

This tool is categorized as a static code analyzer.

Bandit is commonly used for code analysis. Target users for this tool are developers, pentesters, and security professionals.


  • Bandit is written in Python
  • Command line interface


Supported operating systems

Bandit is known to work on Linux.


Several dependencies are required to use Bandit.

  • GitPython
  • pyyaml
  • six
  • stevedore
Project details
Latest release: 1.4.0 [2017-01-06]
License(s): Apache License 2.0
Last updated: Oct. 3, 2017

Project health

This score is calculated from several factors, such as project age and the date of the last release.


Bandit GitHub project
