Bandit SARIF Formatter
raw JSON → 1.1.1 verified Fri May 01 auth: no python
A formatter that converts Bandit security analysis results into the SARIF Version 2.1.0 format, enabling integration with GitHub Advanced Security and other SARIF-compatible tools. The current version is 1.1.1. The package acts as a custom formatter for Bandit; release cadence is low, with maintenance updates as needed.
pip install bandit-sarif-formatter
Common errors
error ModuleNotFoundError: No module named 'bandit-sarif-formatter'
cause Trying to import the hyphenated package name directly instead of the underscored module name.
fix Use: from bandit_sarif_formatter import ...
error bandit: error: unrecognized arguments: -f sarif
cause Bandit version older than 1.6.0 may not support custom formatters via -f. Alternatively, the formatter may not be installed.
fix Upgrade bandit: pip install --upgrade bandit. Ensure bandit-sarif-formatter is installed.
error No formatter found with name 'sarif'
cause The formatter plugin is not registered correctly or Bandit cannot locate it.
fix Reinstall the package: pip install --upgrade bandit-sarif-formatter. Check that the entry point is correctly installed in site-packages.
Warnings
gotcha The formatter produces a .sarif file; ensure Bandit itself is correctly installed and configured. The formatter only modifies output, not analysis.
fix First install bandit, then run: bandit -r <target> -f sarif -o results.sarif
gotcha The package name on PyPI uses hyphens, but Python imports use underscores (bandit_sarif_formatter). Failing to replace hyphens with underscores causes ModuleNotFoundError.
fix Use 'from bandit_sarif_formatter import ...' not 'bandit-sarif-formatter'.
Imports
- add_sarif_options: from bandit_sarif_formatter import add_sarif_options
- BanditSARIFFormatter: from bandit_sarif_formatter import BanditSARIFFormatter
Quickstart
from bandit.core import config, manager

# Quickest way: run Bandit from the command line with the custom formatter.
# command: bandit -r /path/to/your/code -f sarif -o results.sarif
#
# Or drive Bandit from Python. Once the package is installed, Bandit resolves
# the formatter by name ('sarif') through its formatter entry point, so the
# formatter module does not need to be imported here.
b_mgr = manager.BanditManager(config.BanditConfig(), agg_type='vuln')
b_mgr.discover_files(['.'], recursive=True)   # targets to scan
b_mgr.run_tests()                              # runs the checks; takes no arguments
with open('output.sarif', 'w') as fobj:
    # context lines, minimum severity, minimum confidence, output file, formatter name
    b_mgr.output_results(3, 'LOW', 'LOW', fobj, 'sarif')
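Because the formatter only changes Bandit's output, the check worth doing before uploading is that the .sarif file it writes is well-formed enough for a SARIF consumer such as GitHub code scanning to accept it. The following is an added example and not code from the bandit-sarif-formatter project: a small Python checker for a SARIF 2.1.0 log that validates the fields code-scanning backends rely on (version, tool driver, rule ids, levels, messages, file locations) and summarises results per rule. The two SARIF documents embedded in it are constructed samples, not real Bandit output; the check that paths are repository-relative reflects how code-scanning services map findings to files in a repository.

```python
import json
from collections import Counter

# Constructed sample of a minimal SARIF 2.1.0 log in the shape a Bandit formatter
# emits (one run, one tool driver, one result). Illustrative, not real output.
SAMPLE_SARIF = json.dumps({
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "Bandit",
            "rules": [{"id": "B301", "name": "pickle",
                       "shortDescription": {"text": "Deserialisation of untrusted data"}}],
        }},
        "results": [{
            "ruleId": "B301",
            "level": "warning",
            "message": {"text": "pickle.loads called on data from an untrusted source"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "app/loader.py"},
                "region": {"startLine": 12},
            }}],
        }],
    }],
})

# Constructed negative sample: wrong SARIF version, a ruleId the driver never
# declared, a non-SARIF level, and an absolute path a code-scanning backend
# cannot map onto a repository.
BAD_SARIF = json.dumps({
    "version": "2.0.0",
    "runs": [{
        "tool": {"driver": {"name": "Bandit", "rules": [{"id": "B301"}]}},
        "results": [{
            "ruleId": "B999",
            "level": "critical",
            "message": {"text": "x"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "/home/ci/app/loader.py"}}}],
        }],
    }],
})

SARIF_LEVELS = {"none", "note", "warning", "error"}


def _uris(result):
    """Collect artifact URIs from a result's physical locations (missing parts -> None)."""
    return [loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
            for loc in result.get("locations") or []]


def check_sarif(text):
    """Return a list of problems; an empty list means the log passed every check."""
    problems = []
    try:
        log = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if log.get("version") != "2.1.0":
        problems.append(f"version is {log.get('version')!r}, expected '2.1.0'")
    runs = log.get("runs")
    if not isinstance(runs, list) or not runs:
        return problems + ["'runs' must be a non-empty list"]
    for r_idx, run in enumerate(runs):
        driver = run.get("tool", {}).get("driver", {})
        if not driver.get("name"):
            problems.append(f"run {r_idx}: tool.driver.name is missing")
        declared = {rule.get("id") for rule in driver.get("rules", [])}
        for i, res in enumerate(run.get("results", [])):
            where = f"run {r_idx} result {i}"
            rule_id = res.get("ruleId")
            if not rule_id:
                problems.append(f"{where}: ruleId is missing")
            elif declared and rule_id not in declared:
                problems.append(f"{where}: ruleId {rule_id!r} not declared in tool.driver.rules")
            # SARIF defaults a missing level to "warning"; anything else is invalid.
            if res.get("level", "warning") not in SARIF_LEVELS:
                problems.append(f"{where}: level {res.get('level')!r} is not a SARIF level")
            if not res.get("message", {}).get("text"):
                problems.append(f"{where}: message.text is missing")
            uris = _uris(res)
            if not any(uris):
                problems.append(f"{where}: no physicalLocation.artifactLocation.uri")
            for uri in uris:
                # Findings are matched to files by repository-relative path; an
                # absolute path usually means Bandit was run on an absolute target.
                if uri and (uri.startswith("/") or uri.startswith("file:")):
                    problems.append(f"{where}: absolute uri {uri!r}, expected a repo-relative path")
    return problems


def summarize(text):
    """Count results per (ruleId, level) so a run can be compared against a baseline."""
    counts = Counter()
    for run in json.loads(text).get("runs", []):
        for res in run.get("results", []):
            counts[(res.get("ruleId"), res.get("level", "warning"))] += 1
    return dict(counts)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_SARIF
    for problem in check_sarif(text):
        print("PROBLEM:", problem)
    print(summarize(text))
```

Run it as `python check_sarif.py results.sarif` after the Bandit command above; with no argument it checks the embedded sample. A non-empty problem list is the signal to fix the scan invocation (for example, running Bandit from the repository root with a relative target) before the file is uploaded.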