bandit
Safeguard articles tagged "bandit" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Python linting for security hygiene: what flake8, pylint, and bandit actually catch
Bandit maps findings to CWE IDs like CWE-502 and CWE-78, but flake8 and pylint never look for a vulnerability at all — the three tools solve different problems.
The Python code review security checklist: eval, pickle, and shell=True
Bandit ships named checks for eval, pickle, and shell=True — B307, B301, B602 — yet these three smells still slip past manual review into production Python.
The three dimensions of Python static analysis, and where each one blinds itself
AST scanners, taint trackers, and type checkers each solve a different problem — and each has a documented blind spot that lets real bugs through untouched.
Bandit for Python Security Linting: Getting Real Value From Static Analysis
Bandit scans Python code for security issues. Here is how to configure it so it catches real bugs without burying your team in false positives.