{"id":23045,"library":"bandit-sarif-formatter","title":"Bandit SARIF Formatter","description":"A formatter that converts Bandit security analysis results into the SARIF Version 2.1.0 format, enabling integration with GitHub Advanced Security and other SARIF-compatible tools. The current version is 1.1.1. The package acts as a custom formatter for Bandit; release cadence is low, with maintenance updates as needed.","status":"active","version":"1.1.1","language":"python","source_language":"en","source_url":"https://github.com/microsoft/bandit-sarif-formatter","tags":["sarif","bandit","static-analysis","security"],"install":[{"cmd":"pip install bandit-sarif-formatter","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"Required runtime dependency; Bandit must be installed and used to generate the SARIF output.","package":"bandit","optional":false},{"reason":"Library used for creating SARIF objects, automatically installed.","package":"sarif-om","optional":false}],"imports":[{"note":"Correct import path for version 1.x. No common wrong import known.","symbol":"add_sarif_options","correct":"from bandit_sarif_formatter import add_sarif_options"},{"note":"Correct import path for version 1.x. No common wrong import known.","symbol":"BanditSARIFFormatter","correct":"from bandit_sarif_formatter import BanditSARIFFormatter"}],"quickstart":{"code":"import bandit\nfrom bandit.core import manager, config\n\n# Use bandit with the sarif formatter via command line or programmatically\n# The quickest way: run bandit with the custom formatter\n# command: bandit -r /path/to/your/code -f sarif -o results.sarif\n# Or using Python:\nfrom bandit_sarif_formatter import add_sarif_options\nargs = ['-r', '.', '-f', 'sarif', '-o', 'output.sarif']\nbandit_runner = manager.BanditManager(config.BanditConfig(), agg_type='vuln')\nbandit_runner.run_tests(args)\n","lang":"python","description":"Example usage via command line or programmatic invocation. The preferred method is to use the bandit CLI with the custom formatter."},"warnings":[{"fix":"First install bandit, then run: bandit -r <target> -f sarif -o results.sarif","message":"The formatter produces a .sarif file; ensure Bandit itself is correctly installed and configured. The formatter only modifies the output format, not the analysis.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use 'from bandit_sarif_formatter import ...' not 'bandit-sarif-formatter'.","message":"The package name on PyPI uses hyphens, but Python imports use underscores (bandit_sarif_formatter). Failing to replace hyphens with underscores causes ModuleNotFoundError.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Use: from bandit_sarif_formatter import ...","cause":"Trying to import the hyphenated package name directly instead of the underscored module name.","error":"ModuleNotFoundError: No module named 'bandit-sarif-formatter'"},{"fix":"Upgrade bandit: pip install --upgrade bandit. Ensure bandit-sarif-formatter is installed.","cause":"Bandit version older than 1.6.0 may not support custom formatters via -f. Alternatively, the formatter may not be installed.","error":"bandit: error: unrecognized arguments: -f sarif"},{"fix":"Reinstall the package: pip install --upgrade bandit-sarif-formatter. Check that the entry point is correctly installed in site-packages.","cause":"The formatter plugin is not registered correctly or Bandit cannot locate it.","error":"No formatter found with name 'sarif'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}