How to use bandit library?

Arshia Rahbari


Bandit is a static analysis tool for finding common security issues in Python code. It is easy to use and does not require any changes to your source code. Simply run it from the terminal.
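To make concrete what "common security issues" means, here is an added example (written for this post, not code from the Bandit project) of three patterns Bandit's default checks report, each next to a hardened form. Save it as `insecure_vs_secure.py` and run `bandit insecure_vs_secure.py`: expect B602 (shell=True), B301 (pickle) and B105 (hard-coded password), plus low-severity advisories on the `subprocess`/`pickle` imports and on the remaining `subprocess` call, which Bandit always lists for review. The `/bin/ls` path, the `DB_PASSWORD` name and the `"hunter2"` placeholder are constructed for the example.

```python
"""Three Bandit findings and their hardened counterparts (added example)."""
import json
import os
import pickle
import shlex
import subprocess

# --- 1. Shell injection: B602 subprocess_popen_with_shell_equals_true -----


def run_insecure(user_input: str) -> int:
    # The whole string goes to /bin/sh, so "docs; rm -rf ~" runs two commands.
    return subprocess.call(f"/bin/ls {user_input}", shell=True)  # flagged


def build_argv(user_input: str) -> list:
    # Tokenise without a shell: ';', '|', '$' and '~' stay literal arguments.
    return ["/bin/ls", *shlex.split(user_input)]


def run_secure(user_input: str) -> int:
    # argv list, shell=False: the kernel execs /bin/ls with literal arguments.
    return subprocess.call(build_argv(user_input))


# --- 2. Untrusted deserialisation: B301 pickle --------------------------------


def load_insecure(blob: bytes) -> object:
    # pickle can run arbitrary code while loading; never use it on input you
    # did not produce yourself.
    return pickle.loads(blob)  # flagged


def load_secure(blob: bytes) -> object:
    # JSON is data-only: the worst a hostile blob can do is fail to parse.
    return json.loads(blob)


# --- 3. Hard-coded secret: B105 hardcoded_password_string ----------------------

DB_PASSWORD = "hunter2"  # flagged; constructed placeholder, not a real secret


def db_password_secure(env=os.environ) -> str:
    # Read the secret from the environment (or a secret store); KeyError
    # makes a missing configuration fail loudly instead of silently.
    return env["DB_PASSWORD"]


if __name__ == "__main__":
    print(build_argv("docs; rm -rf ~"))  # the ';' is just an argument to ls
    print(load_secure(b'{"user": "alice"}'))
```

The hardened versions are what you want Bandit's report to end up looking like: no `shell=True`, no `pickle` on external data, and secrets supplied at runtime rather than committed to the repository.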

Here is a short tutorial on the basic functions of the bandit PyPI package:

1. First, install the package like any other Python library:

```shell
pip install bandit
```

2. To scan a single file, go to the root of your project and run:

```shell
bandit your_app_name.py
```

3. To scan all the Python files under the root folder of your project, recurse with `-r`:

```shell
bandit -r .
```

4. You can save the result of the scan as a JSON or HTML report by choosing the format with `-f` and the output file with `-o`:

  • for JSON:

```shell
bandit -r . -f json -o bandit-report.json
```

  • for HTML:

```shell
bandit -r . -f html -o bandit-report.html
```

5. If you have folders such as `tests` or `venv` that you do not want Bandit to check, exclude them with `-x`, which takes a comma-separated list of paths (glob patterns are supported). Bandit already skips `.git`, `__pycache__`, `.tox` and similar directories by default:

```shell
bandit -r . -x tests,venv
```

Notice: The commands work the same on Windows, macOS and Linux. Bandit exits with a non-zero status when it reports findings, so the same command can be used as a check in CI; a finding you have reviewed and accepted can be suppressed on that line with a `# nosec` comment.
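Once you have the JSON report from step 4, you will usually want to post-process it, for example to print a summary in CI and fail the build only on findings above a threshold (Bandit's own `-l`/`-ll`/`-lll` and `-i`/`-ii`/`-iii` flags do this at scan time; this is for when you work from the saved report). The following is an added example, not part of Bandit; the report text is a constructed sample that uses the real report's field names (`results`, `issue_severity`, `issue_confidence`, `test_id`, `filename`, `line_number`), and the file names and line numbers in it are made up.

```python
"""Gate a CI build on a saved Bandit JSON report (added example)."""
import json
import sys

# Constructed sample of `bandit -r . -f json` output: three findings.
SAMPLE_REPORT = """
{
  "errors": [],
  "generated_at": "2024-01-01T00:00:00Z",
  "metrics": {"_totals": {"SEVERITY.HIGH": 1, "SEVERITY.MEDIUM": 1,
                          "SEVERITY.LOW": 1, "SEVERITY.UNDEFINED": 0,
                          "loc": 40, "nosec": 0}},
  "results": [
    {"filename": "./app/run.py", "line_number": 12, "line_range": [12],
     "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "issue_text": "subprocess call with shell=True identified, security issue.",
     "test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true",
     "issue_cwe": {"id": 78, "link": "https://cwe.mitre.org/data/definitions/78.html"},
     "code": "12 subprocess.call(cmd, shell=True)\\n"},
    {"filename": "./app/cache.py", "line_number": 30, "line_range": [30],
     "issue_severity": "MEDIUM", "issue_confidence": "HIGH",
     "issue_text": "Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.",
     "test_id": "B301", "test_name": "blacklist",
     "issue_cwe": {"id": 502, "link": "https://cwe.mitre.org/data/definitions/502.html"},
     "code": "30 obj = pickle.loads(blob)\\n"},
    {"filename": "./app/config.py", "line_number": 3, "line_range": [3],
     "issue_severity": "LOW", "issue_confidence": "MEDIUM",
     "issue_text": "Possible hardcoded password: 'hunter2'",
     "test_id": "B105", "test_name": "hardcoded_password_string",
     "issue_cwe": {"id": 259, "link": "https://cwe.mitre.org/data/definitions/259.html"},
     "code": "3 DB_PASSWORD = \\"hunter2\\"\\n"}
  ]
}
"""

# Bandit's ordering for both severity and confidence.
RANK = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}


def load_results(report_text: str) -> list:
    """Return the list of findings from a Bandit JSON report."""
    return json.loads(report_text)["results"]


def count_by_severity(results: list) -> dict:
    """Count findings per severity, e.g. {'LOW': 1, 'MEDIUM': 1, 'HIGH': 1}."""
    counts = {"LOW": 0, "MEDIUM": 0, "HIGH": 0}
    for r in results:
        counts[r["issue_severity"]] = counts.get(r["issue_severity"], 0) + 1
    return counts


def select(results: list, min_severity: str, min_confidence: str) -> list:
    """Keep findings at or above BOTH thresholds (like bandit -l/-i flags)."""
    return [
        r for r in results
        if RANK[r["issue_severity"]] >= RANK[min_severity]
        and RANK[r["issue_confidence"]] >= RANK[min_confidence]
    ]


def format_finding(r: dict) -> str:
    """One line per finding: id, severity/confidence, location, message."""
    return (f'{r["test_id"]} {r["issue_severity"]}/{r["issue_confidence"]} '
            f'{r["filename"]}:{r["line_number"]} {r["issue_text"]}')


def gate(report_text: str, min_severity: str = "MEDIUM",
         min_confidence: str = "MEDIUM") -> tuple:
    """Return (exit_code, lines): exit 1 when any finding meets the thresholds."""
    hits = select(load_results(report_text), min_severity, min_confidence)
    return (1 if hits else 0), [format_finding(r) for r in hits]


if __name__ == "__main__":
    # Usage: python gate.py bandit-report.json   (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, lines = gate(text)
    print("\n".join(lines) or "no findings at or above threshold")
    sys.exit(code)
```

With the default MEDIUM/MEDIUM thresholds the sample fails the build on B602 and B301 while the LOW-severity B105 is only counted; raising both thresholds to HIGH leaves just B602. Keep the full report as a build artifact either way, so the filtered-out findings are still reviewable.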

If you have any questions or problems, please leave a comment!