bandit
Bandit is a tool designed to find common security issues in Python code.
This change updates the unit testing to only use released versions of Python 3.13. It also updates the PyPI classifier to declare 3.13 support.
This change starts testing against the alpha versions of Python 3.14 to catch potential problems early before it is officially released. Python 3.14 has dropped the deprecated use of ast.Bytes,...
There was an issue about documentation in GitHub Actions and I had to look for the GitHub repo; added GitHub Actions documentation in the ci-cd part to make sure it can easily...
### Describe the bug
Command Used: `dist\run_bandit.exe -r C:\repo\python\kubernetes\base\config -f json -o result.json`
Output:
```
Running Bandit with the following parameters:
Report directory: C:\repo\python\kubernetes\base\config
Output format: json
Output file: result.json
Discovering...
```
Hi everyone! **Is your feature request related to a problem? Please describe.** I am writing a custom bandit plugin for my project and from what I understand, I need to...
### Describe the bug
```
Erics-MacBook-Pro-2:precli ericwb$ cat tests/unit/rules/python/stdlib/ssl/examples/get_server_certificate_no_timeout.py | bandit -
[main] INFO profile include tests: None
[main] INFO profile exclude tests: None
[main] INFO cli include tests: None
...
```
This change introduces a new playground in the docs where a user can test out Bandit right within their browser. This code uses PyScript (and sphinx-pyscript) to generate an editor...
### Describe the bug Hello `bandit` team, I observed `TarFile.extractall` is not detected as vulnerable (`B202:tarfile_unsafe_members`) without explicit `import tarfile` line present (even if it is not actually used). I...