
Bandit is a tool designed to find common security issues in Python code.

Results 178 bandit issues

This is a try at alleviating the pains of #318, see in particular https://github.com/PyCQA/bandit/issues/318#issuecomment-1717003477.

**Is your feature request related to a problem? Please describe.** For CI pipelines it can be convenient to run a linting/checking tool from a Docker image. For example, Pyup provides...

enhancement

### Describe the bug Had pyproject.toml containing the following which worked fine in 1.7.6: ``` [tool.bandit.assert_used] skips = [ 'src/tests/*_test.py', ] ``` This fails in 1.7.7 unless changed to: ```...

bug

[json schema](https://json-schema.org) can let editors which support LSP complete some configuration files. Such as: ![Screenshot from 2024-01-20 23-24-42](https://github.com/alacritty/alacritty/assets/32936898/64ea96f4-209a-4a41-a003-cf9a0885332a) Many tools have supported json schema: ![Screenshot from 2024-01-20...

enhancement

### Describe the bug Using nosec with a bandit ID like `# nosec: B108` doesn't appear to always work. See reproduction steps. ### Reproduction steps ```bash 1. Run .tox/py312/bin/bandit bandit/plugins/general_hardcoded_tmp.py...

bug

When using Bandit to scan projects based on Git source control, it would be beneficial to ignore files based on the patterns in the .gitignore file. Today, Bandit has some...

We have https://github.com/PyCQA/bandit-action Shortly we will have an official image: https://github.com/PyCQA/bandit/pull/1088 Let's get the action work complete and publish to the marketplace. cc: @JAORMX who I know is interested in...

enhancement

### Describe the bug ``` ========================================================================================== ERRORS =========================================================================================== _________________________________________________________________________________ ERROR at setup of test_id _________________________________________________________________________________ file /usr/ports/devel/py-bandit/work-py39/bandit-1.7.6/bandit/core/test_properties.py, line 49 def test_id(id_val): E fixture 'id_val' not found > available fixtures: anyio_backend,...

bug

Transfer of OpenStack blueprint to GH issue: https://blueprints.launchpad.net/bandit/+spec/use-symtable Investigate if symtable can provide additional capabilities and improve accuracy of tests.

enhancement

### Describe the bug We recently faced the following bandit error in the oslo.serialization project. It seems bandit 1.7.6 contains the commit 3260f137873798b4b0c0c289373cc5e8fa2d93ed and now it rejects importing xmlrpc. ``` >>...

bug