{"id":5930,"library":"flake8-bandit","title":"flake8-bandit","description":"flake8-bandit is a plugin for Flake8 that integrates the Bandit security linter directly into your Python code quality workflow. It automates security testing by scanning Python code for common security issues and vulnerabilities, reporting them as standard Flake8 errors. The current version is 4.1.1, released on August 29, 2022, with an irregular release cadence.","status":"active","version":"4.1.1","language":"en","source_language":"en","source_url":"https://github.com/tylerwince/flake8-bandit","tags":["linter","security","flake8-plugin","static-analysis","code-quality"],"install":[{"cmd":"pip install flake8-bandit","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"flake8-bandit is a plugin for Flake8 and requires it to function.","package":"flake8","optional":false},{"reason":"flake8-bandit uses Bandit as its underlying security analysis engine.","package":"bandit","optional":false}],"imports":[],"quickstart":{"code":"# Install flake8-bandit (flake8 and bandit will be installed as dependencies)\npip install flake8-bandit\n\n# Run flake8-bandit on your project (it integrates automatically with flake8)\n# Example: Create a file named 'insecure_code.py'\n# with content: 'import subprocess; subprocess.call(\"ls\", shell=True)'\n# Then run: flake8 insecure_code.py\n\n# Expected output for the insecure_code.py example:\n# insecure_code.py:1:22: S602 Use of subprocess.call with shell=True is insecure. Consider using subprocess.run with shell=False. (subprocess-run-with-shell-equals-true)","lang":"bash","description":"Install flake8-bandit and then simply run the `flake8` command on your Python project. flake8-bandit automatically registers itself and runs Bandit's security checks. You can configure specific Bandit tests using a `.bandit` configuration file in your project root."},"warnings":[{"fix":"Create or modify a `.bandit` file in your project root to customize Bandit's behavior, for example:\n```ini\n[bandit]\nexclude = /tests,/docs\ntests = S101,S102\n```","message":"flake8-bandit uses a dedicated `.bandit` configuration file for fine-grained control over which security tests to include or exclude. This configuration is separate from Flake8's general configuration files (e.g., `.flake8`, `setup.cfg`).","severity":"gotcha","affected_versions":">=4.0.0"},{"fix":"When ignoring or selecting specific security rules, always refer to them with the 'S' prefix in your `.flake8`, `setup.cfg`, or `pyproject.toml` configuration (e.g., `ignore = S101`).","message":"flake8-bandit reports security issues using error codes prefixed with 'S' (e.g., S101, S501). Users familiar with Bandit's native output (which uses 'B' prefixes) or other Flake8 plugins might need to adjust their `ignore` or `per-file-ignores` rules in Flake8's configuration to match the 'S' prefix.","severity":"gotcha","affected_versions":">=4.0.0"}],"env_vars":null,"last_verified":"2026-04-14T00:00:00.000Z","next_check":"2026-07-13T00:00:00.000Z"}