{"library":"bandit","title":"Bandit","description":"Bandit is an open-source security-oriented static analyser for Python code, designed to find common security issues early in the development lifecycle. It processes each file, builds an Abstract Syntax Tree (AST) from it, and runs a set of security-focused plugins against the AST nodes, generating reports with severity and confidence levels. Maintained by the PyCQA community, Bandit is currently at version 1.9.4 and requires Python >=3.10. Its release cadence focuses on compatibility updates and rule maintenance, indicating a stable and actively supported utility.","language":"python","status":"active","last_verified":"Sun Apr 05","install":{"commands":["pip install bandit","pip install bandit[toml]","pip install bandit[baseline]"],"cli":{"name":"bandit","version":"bandit 1.9.4"}},"imports":[],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"# Save this as vulnerable_app.py\nimport os\nimport subprocess\n\ndef execute_command(command_str):\n    # B602: subprocess_popen_with_shell_equals_true - High severity, high confidence\n    subprocess.call(command_str, shell=True)\n\ndef process_user_input(user_input):\n    # B307: eval - High severity, high confidence\n    eval(user_input)\n\nif __name__ == \"__main__\":\n    print(\"Creating a dummy vulnerable file for Bandit scan.\")\n    with open(\"dummy_code.py\", \"w\") as f:\n        # The generated file uses os.environ, so it needs both imports\n        f.write(\"import os\\n\")\n        f.write(\"import subprocess\\n\")\n        f.write(\"command = os.environ.get('UNSAFE_COMMAND', 'ls -l')\\n\")\n        f.write(\"subprocess.call(command, shell=True)\\n\")\n\n    print(\"Now run Bandit from your terminal:\")\n    print(\"bandit -r .\\n\")\n    print(\"Or specifically on the dummy file:\")\n    print(\"bandit dummy_code.py\\n\")\n    print(\"Example output will show security issues like B602.\")\n\n# To clean up after running:\n# os.remove(\"dummy_code.py\")\n","lang":"python","description":"Bandit is primarily a command-line tool. To quickly scan your code for security issues, you first create a Python file and then run Bandit against it. This example writes a dummy file containing common vulnerabilities and shows how to run Bandit on it.","tag":null,"tag_description":null,"last_tested":"2026-04-24","results":[{"runtime":"python:3.10-alpine","exit_code":0},{"runtime":"python:3.10-slim","exit_code":0},{"runtime":"python:3.11-alpine","exit_code":0},{"runtime":"python:3.11-slim","exit_code":0},{"runtime":"python:3.12-alpine","exit_code":0},{"runtime":"python:3.12-slim","exit_code":0},{"runtime":"python:3.13-alpine","exit_code":0},{"runtime":"python:3.13-slim","exit_code":0},{"runtime":"python:3.9-alpine","exit_code":0},{"runtime":"python:3.9-slim","exit_code":0}]},"compatibility":null}