bandit

Security oriented static analyser for python code.

These details have not been verified by PyPI

Project links

Project description

A security linter from PyCQA

Free software: Apache license
Documentation: https://bandit.readthedocs.io/en/latest/
Source: https://github.com/PyCQA/bandit
Bugs: https://github.com/PyCQA/bandit/issues
Contributing: https://github.com/PyCQA/bandit/blob/main/CONTRIBUTING.md

Overview

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.

Show Your Style

Use our badge in your project’s README!

using Markdown:

[![security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)

using RST:

.. image:: https://img.shields.io/badge/security-bandit-yellow.svg
    :target: https://github.com/PyCQA/bandit
    :alt: Security Status

References

Python AST module documentation: https://docs.python.org/3/library/ast.html

Green Tree Snakes - the missing Python AST docs: https://greentreesnakes.readthedocs.org/en/latest/

Documentation of the various types of AST nodes that Bandit currently covers or could be extended to cover: https://greentreesnakes.readthedocs.org/en/latest/nodes.html

Container Images

Bandit is available as a container image, built within the bandit repository using GitHub Actions. The image is available on ghcr.io:

docker pull ghcr.io/pycqa/bandit/bandit

The image is built for the following architectures:

amd64
arm64
armv7
armv8

To pull a specific architecture, use the following format:

docker pull --platform=<architecture> ghcr.io/pycqa/bandit/bandit:latest

Every image is signed with sigstore cosign and it is possible to verify the source of origin using the following cosign command:

cosign verify ghcr.io/pycqa/bandit/bandit:latest \
  --certificate-identity https://github.com/pycqa/bandit/.github/workflows/build-publish-image.yml@refs/tags/<version> \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

Where <version> is the release version of Bandit.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

1.9.4

Feb 25, 2026

1.9.3

Jan 19, 2026

1.9.2

Nov 23, 2025

1.9.1

Nov 18, 2025

1.8.6

Jul 6, 2025

1.8.5

Jun 17, 2025

1.8.3

Feb 17, 2025

1.8.2

Jan 12, 2025

This version

1.8.1

Jan 12, 2025

1.8.0

Nov 27, 2024

1.7.10

Sep 23, 2024

1.7.9

Jun 12, 2024

1.7.8

Mar 8, 2024

1.7.7

Jan 23, 2024

1.7.6

Dec 9, 2023

1.7.5

Mar 10, 2023

1.7.4

Mar 4, 2022

1.7.3

Feb 27, 2022

1.7.2

Jan 26, 2022

1.7.1

Nov 12, 2021

1.7.0

Dec 13, 2020

1.6.3 yanked

Dec 6, 2020

Reason this release was yanked:

This version dropped py2 but was still published as a universal wheel, thus causing issues install via py2 pip.

1.6.2

Jul 1, 2019

1.6.1

Jun 15, 2019

1.6.0

May 9, 2019

1.5.1

Sep 6, 2018

1.5.0

Aug 16, 2018

1.4.0

Jan 12, 2017

1.3.0

Dec 2, 2016

1.2.0

Nov 16, 2016

1.1.0

Aug 15, 2016

1.0.1

Apr 5, 2016

0.17.3

Jan 27, 2016

0.17.2

Jan 27, 2016

0.17.0

Dec 17, 2015

0.16.2

Nov 19, 2015

0.16.1

Nov 13, 2015

0.16.0

Nov 13, 2015

0.15.2

Nov 4, 2015

0.15.1

Nov 4, 2015

0.15.0

Oct 29, 2015

0.14.1

Oct 14, 2015

0.14.0

Oct 12, 2015

0.13.2

Aug 14, 2015

0.13.1

Aug 12, 2015

0.13.0

Aug 5, 2015

0.12.0

Jun 29, 2015

0.11.0

May 7, 2015

0.10.1

Mar 25, 2015

0.10.0

Mar 23, 2015

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

bandit-1.8.1.tar.gz (4.2 MB view details)

Uploaded Jan 12, 2025 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

bandit-1.8.1-py3-none-any.whl (127.2 kB view details)

Uploaded Jan 12, 2025 Python 3

File details

Details for the file bandit-1.8.1.tar.gz.

File metadata

Download URL: bandit-1.8.1.tar.gz
Upload date: Jan 12, 2025
Size: 4.2 MB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for bandit-1.8.1.tar.gz
Algorithm	Hash digest
SHA256	`692553451fb36864c80663cd0d8a0015a2a25359d4c2fdea5255708eb7a82013`
MD5	`930faf8ab798f5618d2fe604cce52849`
BLAKE2b-256	`0aa4030de3683f7abda813cc545b4b198842a5ef4ce9cb51a0bc103e14be1e97`

See more details on using hashes here.

Provenance

The following attestation bundles were made for bandit-1.8.1.tar.gz:

Publisher: publish-to-pypi.yml on PyCQA/bandit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: bandit-1.8.1.tar.gz
- Subject digest: 692553451fb36864c80663cd0d8a0015a2a25359d4c2fdea5255708eb7a82013
- Sigstore transparency entry: 161855794
- Sigstore integration time: Jan 12, 2025
Source repository:
- Permalink: PyCQA/bandit@e58379c5089305c845bae6e816e5faa5680b8097
- Branch / Tag: refs/tags/1.8.1
- Owner: https://github.com/PyCQA
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-to-pypi.yml@e58379c5089305c845bae6e816e5faa5680b8097
- Trigger Event: workflow_dispatch

File details

Details for the file bandit-1.8.1-py3-none-any.whl.

File metadata

Download URL: bandit-1.8.1-py3-none-any.whl
Upload date: Jan 12, 2025
Size: 127.2 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for bandit-1.8.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`dfcd4bf12f9f28be77ee344098ab7489e97c0c6b7d0b49e2e880d35f246c3714`
MD5	`8e50b338b0097f7fc07364e7cd112fdb`
BLAKE2b-256	`0e2dca26d5ebdf9edff7edb1a53642d3a85976d58e09865c3a22b7b536289ff9`

See more details on using hashes here.

Provenance

The following attestation bundles were made for bandit-1.8.1-py3-none-any.whl:

Publisher: publish-to-pypi.yml on PyCQA/bandit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: bandit-1.8.1-py3-none-any.whl
- Subject digest: dfcd4bf12f9f28be77ee344098ab7489e97c0c6b7d0b49e2e880d35f246c3714
- Sigstore transparency entry: 161855795
- Sigstore integration time: Jan 12, 2025
Source repository:
- Permalink: PyCQA/bandit@e58379c5089305c845bae6e816e5faa5680b8097
- Branch / Tag: refs/tags/1.8.1
- Owner: https://github.com/PyCQA
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish-to-pypi.yml@e58379c5089305c845bae6e816e5faa5680b8097
- Trigger Event: workflow_dispatch

bandit 1.8.1

Navigation

Verified details

Project links

Owner

GitHub Statistics

Maintainers

Unverified details

Project links

Meta

Classifiers

Project description

Overview

Show Your Style

References

Container Images

Sponsors

Project details

Verified details

Project links

Owner

GitHub Statistics

Maintainers

Unverified details

Project links

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance