This lesson is part of the Automating Python Code Quality course.
In this lesson, you will learn:
- what Bandit is
- how to test the security of your code using Bandit
- Bandit's main configuration options.
What is Bandit?
Bandit is a security linter for Python code. It parses each file into an abstract syntax tree and runs a set of plugin tests over it, reporting issues such as hard-coded password strings, use of weak hashing or `exec`, or SSL/TLS certificate verification being disabled.
How to Install Bandit
Install Bandit as a development dependency of your project by running the following:
poetry add -D bandit
Usage
Bandit can be run recursively against a directory (via -r) or against a single file. Examples of each are shown below:
$ bandit -r .
$ bandit -r dir/*
$ bandit myfile.py
For example, let's say we have the following file:
import requests
# verify=False disables TLS certificate verification for this request,
# which is exactly the kind of issue Bandit is designed to catch.
requests.get("https://api.packetcoders.io/devices/", verify=False)
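To make clear what that `verify=False` actually switches off, here is an added example (it is not part of the lesson or of Bandit itself). It uses only the standard-library `ssl` module so it runs offline without `requests`: `insecure_context()` builds the same kind of TLS context that `verify=False` produces under the hood, `hardened_context()` builds the verifying default (the `requests` equivalent is leaving `verify=True`, or passing `verify="/path/to/internal-ca.pem"` to pin an internal CA), and `verifies_peer()` is a small check you can use to assert that a context still enforces both certificate and hostname validation. The `open_url` helper and the CA bundle path are illustrative assumptions.

```python
import ssl
import urllib.request
from typing import Optional

# Added example, not from the lesson. Shows what requests' verify=False
# does at the TLS layer and what the hardened configuration looks like.


def insecure_context() -> ssl.SSLContext:
    """Mirror of verify=False: accept any certificate for any hostname.

    With check_hostname off and verify_mode CERT_NONE, a man-in-the-middle
    presenting a self-signed certificate is silently accepted.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be disabled before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Verifying context: chain validation plus hostname check.

    ca_bundle is an assumed, optional path to an internal CA bundle; when
    None the system trust store is used (equivalent to requests' default
    verify=True; a path corresponds to verify="/path/to/internal-ca.pem").
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    # create_default_context already sets these; restate them explicitly so
    # a later refactor that loosens one of them is obvious in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context enforces both chain and hostname checks."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def open_url(url: str, ctx: ssl.SSLContext, timeout: float = 10.0) -> bytes:
    """Fetch a URL with the given context (hypothetical helper; not run here).

    Refuses to proceed with a non-verifying context instead of quietly
    sending the request, which is the failure mode Bandit flags.
    """
    if not verifies_peer(ctx):
        raise ValueError("refusing to connect without TLS verification")
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print("insecure verifies peer:", verifies_peer(insecure_context()))  # False
    print("hardened verifies peer:", verifies_peer(hardened_context()))  # True
```

The practical fix for the lesson's file is therefore to drop `verify=False` (or point `verify` at the CA bundle that signs the API's certificate) rather than to silence the Bandit finding.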