In this lesson, you will learn:

  • what Bandit is
  • how to test the security of your code using Bandit
  • Bandit's main configuration options.
You can find the scripts and code for this course within the Automating Python Code Quality repo.

What is Bandit?

Bandit is a security linting tool that scans Python code for security issues, such as hard-coded password strings or disabled SSL certificate checking.

How to Install Bandit

Install Bandit as a development dependency with Poetry by running the following:

poetry add -D bandit

Usage

Bandit can be run recursively (via -r) or against a file. Examples of each are shown below:

$ bandit -r .
$ bandit -r dir/*
$ bandit myfile.py

Let’s say we have the following file:

import requests

requests.get("https://api.packetcoders.io/devices/", verify=False)