In this lesson, you will learn:
- what Bandit is
- how to test the security of your code using Bandit
- Bandit's main configuration options.
What is Bandit?
Bandit is a security linting tool for discovering common security issues in Python code. It parses each file into an abstract syntax tree and runs a set of checks against it, flagging problems such as hard-coded password strings or SSL/TLS certificate verification being disabled.
How to Install Bandit
Installation of Bandit is performed by running the following (here via Poetry, as a development dependency; plain pip works too):
poetry add -D bandit
Bandit can be run recursively against a directory (via -r) or against a single file. Examples of each are shown below:
$ bandit -r .
$ bandit -r dir/*
$ bandit myfile.py
For example, let's say we have the following file, which disables certificate verification on an HTTPS request:
import requests
requests.get("https://api.packetcoders.io/devices/", verify=False)  # verify=False: TLS certificate is not checked
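To make concrete how an AST-based linter like Bandit finds the two issue types mentioned earlier, here is an added, simplified scanner (example code written for this lesson, not Bandit's own implementation) that flags a hard-coded password string and a `requests` call with `verify=False`. It borrows Bandit's test IDs B105 (hardcoded_password_string) and B501 (request_with_no_cert_validation) for its two checks; the embedded sample source, the `hunter2` password, and the function names are constructed for the example.

```python
import ast
import sys

# Constructed sample input for this example (only the verify=False request
# line comes from the lesson): one hard-coded password, one insecure request
# and one request that keeps certificate verification on.
SAMPLE_SOURCE = '''
import requests

PASSWORD = "hunter2"
requests.get("https://api.packetcoders.io/devices/", verify=False)
requests.get("https://api.packetcoders.io/devices/", verify=True)
'''


def _is_requests_call(node: ast.Call) -> bool:
    """True for calls of the form requests.<method>(...)."""
    func = node.func
    return (
        isinstance(func, ast.Attribute)
        and isinstance(func.value, ast.Name)
        and func.value.id == "requests"
    )


def _check_no_cert_validation(node: ast.Call):
    """Simplified version of Bandit's B501: a requests call passing verify=False."""
    for kw in node.keywords:
        if (
            kw.arg == "verify"
            and isinstance(kw.value, ast.Constant)
            and kw.value.value is False
        ):
            return (node.lineno, "B501",
                    "requests call with verify=False disables certificate validation")
    return None


def _check_hardcoded_password(node: ast.Assign):
    """Simplified version of Bandit's B105: a non-empty string constant assigned to a name containing 'password'."""
    value = node.value
    if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
        return None
    for target in node.targets:
        if isinstance(target, ast.Name) and "password" in target.id.lower():
            return (node.lineno, "B105",
                    f"possible hard-coded password assigned to {target.id!r}")
    return None


def scan_source(source: str, filename: str = "<string>"):
    """Parse `source` and return findings as sorted (line, test_id, message) tuples."""
    tree = ast.parse(source, filename)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _is_requests_call(node):
            hit = _check_no_cert_validation(node)
        elif isinstance(node, ast.Assign):
            hit = _check_hardcoded_password(node)
        else:
            hit = None
        if hit is not None:
            findings.append(hit)
    return sorted(findings)


def scan_file(path: str):
    """Scan one Python file from disk."""
    with open(path, encoding="utf-8") as fh:
        return scan_source(fh.read(), path)


def main(argv):
    """With no arguments scan the embedded sample, otherwise scan the given files.

    Returns 1 when anything was found so a CI step fails, as Bandit does."""
    if len(argv) < 2:
        results = {"<sample>": scan_source(SAMPLE_SOURCE)}
    else:
        results = {path: scan_file(path) for path in argv[1:]}
    total = 0
    for path, findings in results.items():
        for line, test_id, message in findings:
            print(f"{path}:{line}: {test_id} {message}")
            total += 1
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running the script with no arguments reports the password on line 4 and the `verify=False` call on line 5 of the sample, while the `verify=True` call passes; pass file paths to scan real code. Real Bandit has far more tests, severity and confidence levels, and `# nosec` suppressions, but the structure (parse to AST, walk nodes, match patterns, exit non-zero on findings) is the same.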