bandit
https://github.com/pycqa/bandit
Python
Bandit is a tool designed to find common security issues in Python code.
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Python not yet supported6 Subscribers
Add a CodeTriage badge to bandit
Help out
- Issues
- Ensure that each #nosec usage has an accompanying explanation
- Runtime error with output report
- Add plugin to detect Flask/Jinja2 template injection
- Be more clever about repository path in baseline run
- Check for calls of functions susceptible to AST stack overflow
- Allow a test to return more than one Issue
- The `baseline` CLI doesn't allow specifying the base commit
- Optionally output all issues regardless of configured levels
- When logging to the console, we should use stderr
- Add security test to detect when sudo is being called in code.
- Docs
- Python not yet supported