Bandit

Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.

Features

Apache license
Designed to find common security issues in Python code
Bandit processes each file
Builds an AST from it
Runs appropriate plugins against the AST nodes
Once Bandit has finished scanning all the files it generates a report

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow Bandit

Bandit Web Site

Other Useful Business Software

Add Two Lines of Code. Get Full APM.

AppSignal installs in minutes and auto-configures dashboards, alerts, and error tracking.

Works out of the box for Rails, Django, Express, Phoenix, and more. Monitoring exceptions and performance in no time.

Start Free

Rate This Project

User Reviews

Be the first to post a review of Bandit!

Additional Project Details

Programming Language

Python

Related Categories

Python Static Code Analysis Tool

Registered

2023-03-30

Similar Business Software

Parasoft

"Parasoft delivers an AI‑powered software testing platform that helps organizations continuously release high‑quality software. Our solutions support embedded and enterprise teams by integrating code analysis, testing, virtualization, and coverage into the delivery pipeline to improve security,...

See Software
ZeroPath

ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix...

See Software
TrustInSoft Analyzer

TrustInSoft Analyzer is a C/C++/Rust source code analyzer powered by formal methods, mathematical & logical reasonings that allow for exhaustive analysis of source code. This analysis can be run without false positives or false negatives, so that every real bug in the code is found. Developers...

See Software
Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code...

See Software
Visual Expert

Visual Expert is a static code analyzer for Oracle PL/SQL, SQL Server T-SQL, and PowerBuilder. Identify code dependencies to modify your code without breaking your application. Scan your code to improve the security, performance, and quality. Perform Impact analysis to Identify breaking...

See Software
Sparrow SAST

Support over 20 languages including Java, JSP, C/C++, C#, Python, Swift, ASP(.NET), ABAP, Object C, etc. Complies with global security compliances guides and standards. MVC structure analysis, associated file analysis, and analysis of function call relationship in various levels. Incremental...

See Software