bandit
Description:
Security-oriented static analyser for Python code
Type: Formula  |  Latest Version: 1.9.2@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  @PyCQA  |  formulae.brew.sh
Category: Security
Tags: security static-analysis python linter devsecops
Install: brew install bandit
About:
Bandit is a security linter for Python. It parses each file into an AST and runs a set of test plugins over the nodes, reporting constructs such as hardcoded passwords, subprocess calls with shell=True, and unsafe deserialization (pickle, yaml.load), each with a severity and a confidence rating. Findings are pattern matches on the code itself, not lookups of dependencies against vulnerability databases, so Bandit belongs alongside dependency auditing rather than in place of it. The command-line tool and its JSON output are easy to wire into a CI/CD job that fails the build above a chosen threshold.
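The three classes of finding named above, as an added example (this is not Bandit's own code or test data): each construct Bandit reports sits next to a hardened form, with Bandit's test ID in the comment. The function names and sample inputs are this example's own; running bandit over this file reports the three flagged lines.

```python
"""Constructs Bandit reports, each next to a hardened replacement.

Added example: not Bandit's own code or test data. The test IDs in the
comments (B105, B301, B602) are Bandit's; every function name and
sample input below is this example's own.
"""
import json
import os
import pickle
import subprocess
import sys

# B105 hardcoded_password_string: a literal bound to a password-like name.
# Bandit reports this line; it stays here only to show the pattern.
DB_PASSWORD = "hunter2"


def db_password_hardened() -> str:
    """Take the secret from the environment (injected by the deployment),
    so the source tree and its history never contain it."""
    try:
        return os.environ["DB_PASSWORD"]
    except KeyError:
        raise RuntimeError("DB_PASSWORD is not set") from None


def list_dir_vulnerable(path: str) -> str:
    """B602 subprocess_popen_with_shell_equals_true.
    The path is spliced into a shell command line, so a value such as
    "/tmp; echo INJECTED" runs the second command as well."""
    return subprocess.check_output(f"ls {path}", shell=True, text=True)


def list_dir_hardened(path: str) -> list[str]:
    """Argument list and no shell: the path is one argv element, so shell
    metacharacters inside it are inert. A Python one-liner stands in for
    ls so the example does not depend on the host's coreutils."""
    script = "import os, sys; print('\\n'.join(sorted(os.listdir(sys.argv[1]))))"
    proc = subprocess.run(
        [sys.executable, "-c", script, path],
        capture_output=True, text=True, check=True,
    )
    return [line for line in proc.stdout.splitlines() if line]


def load_state_vulnerable(blob: bytes):
    """B301 pickle: unpickling calls whatever callables the bytes name,
    so attacker-controlled input means code execution."""
    return pickle.loads(blob)


def load_state_hardened(blob: bytes) -> dict:
    """Parse a data-only format and check the document's shape before use."""
    state = json.loads(blob)
    allowed = {"user", "roles"}
    if not isinstance(state, dict) or not set(state) <= allowed:
        raise ValueError("unexpected state document")
    if not isinstance(state.get("roles", []), list):
        raise ValueError("roles must be a list")
    return state
```

The hardened variants are what a reviewer asks for when the scan flags the line: the secret moves out of the repository, the subprocess call takes an argument list, and the data format cannot carry code. Marking a finding with a trailing `# nosec` comment suppresses it instead; reserve that for cases where the input is genuinely trusted and say why in the comment.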
Key Features:
  • AST-based static analysis: each file is parsed and the test plugins run over its nodes, so every finding carries a file, line, severity and confidence
  • Configurable test selection: run or skip tests by ID, set severity and confidence thresholds, and keep project settings in a .bandit or pyproject.toml config file
  • Plugin system for custom security checks
  • Output formatters for screen, txt, CSV, JSON, YAML, HTML, XML and SARIF
Use Cases:
  • Scanning Python projects for insecure code patterns (matches on the code itself; dependencies are not checked against vulnerability databases)
  • Integrating security checks into CI/CD pipelines, failing the build above a chosen severity and confidence threshold
  • Auditing third-party Python libraries for risky constructs before adopting them
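A CI gate for the pipeline use case, as an added example (not Bandit's or VersTracker's code). It assumes the report was written with `bandit -r src -f json -o bandit.json`; the fail policy (HIGH severity at MEDIUM or better confidence, with an allowlist for accepted risks) and the embedded sample report are this example's own, constructed in the shape of Bandit's JSON output. Scan errors fail the job as well, since a file Bandit could not parse was never scanned.

```python
"""Gate a CI job on a Bandit JSON report.

Added example, not part of Bandit or VersTracker. Assumes a report from
`bandit -r src -f json -o bandit.json`; the policy defaults and the
sample report below are this example's own.
"""
import json
import sys
from collections import Counter

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample in the shape of Bandit's JSON output. Only the fields
# the gate reads are included; a real report carries more per result.
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "results": [
        {"filename": "src/app.py", "line_number": 12, "test_id": "B602",
         "test_name": "subprocess_popen_with_shell_equals_true",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified, security issue."},
        {"filename": "src/app.py", "line_number": 30, "test_id": "B301",
         "test_name": "pickle",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH",
         "issue_text": "Pickle can be unsafe when used to deserialize untrusted data."},
        {"filename": "src/config.py", "line_number": 4, "test_id": "B105",
         "test_name": "hardcoded_password_string",
         "issue_severity": "LOW", "issue_confidence": "MEDIUM",
         "issue_text": "Possible hardcoded password: 'hunter2'"},
        {"filename": "src/legacy.py", "line_number": 8, "test_id": "B307",
         "test_name": "eval",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH",
         "issue_text": "Use of possibly insecure function - consider ast.literal_eval."},
    ],
})


def load_report(text: str) -> dict:
    """Parse the report and reject anything that is not a Bandit result set."""
    report = json.loads(text)
    if "results" not in report:
        raise ValueError("not a Bandit JSON report: missing 'results'")
    return report


def blocking_findings(report: dict, min_severity: str = "HIGH",
                      min_confidence: str = "MEDIUM",
                      allowlist: frozenset = frozenset()) -> list:
    """Findings at or above both thresholds, minus accepted (filename, test_id) pairs."""
    sev_floor = SEVERITY_RANK[min_severity]
    conf_floor = SEVERITY_RANK[min_confidence]
    blocking = []
    for r in report["results"]:
        if (r["filename"], r["test_id"]) in allowlist:
            continue
        if SEVERITY_RANK[r["issue_severity"]] < sev_floor:
            continue
        if SEVERITY_RANK[r["issue_confidence"]] < conf_floor:
            continue
        blocking.append(r)
    return blocking


def summarize(report: dict) -> Counter:
    """Count of all findings by severity, for the job log."""
    return Counter(r["issue_severity"] for r in report["results"])


def gate(text: str, **policy) -> int:
    """Exit status for the job: 0 pass, 1 blocking findings, 2 scan errors."""
    report = load_report(text)
    if report.get("errors"):
        # Files Bandit could not parse were never scanned; do not pass silently.
        for err in report["errors"]:
            print(f"scan error: {err}")
        return 2
    blocking = blocking_findings(report, **policy)
    for r in blocking:
        print(f"{r['filename']}:{r['line_number']} {r['test_id']} "
              f"{r['issue_severity']}/{r['issue_confidence']} {r['issue_text']}")
    print("severity totals:", dict(summarize(report)))
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python gate.py bandit.json (the sample report runs when no path is given)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```

Bandit's own `-l`/`-i` flags (repeatable) filter by severity and confidence at scan time; the gate adds the allowlist for accepted risks and the refusal to pass a run that skipped files. Keep the allowlist in version control next to the code it excuses, so each entry is reviewed like any other change.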
Alternatives:
  • Semgrep – multi-language static analysis with user-written rules and a broader scope; Bandit is Python-only with a fixed, security-focused test set.
  • Pylint – code quality and style linting; Bandit covers security issues only.
License: Apache-2.0
Dependencies: libyaml, python@3.14
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux
Version History
Detected | Version | Rev | Change | Commit
Nov 18, 2025 3:56am | | 0 | VERSION_BUMP | 24ec1c89
Sep 13, 2025 11:42am | | 0 | VERSION_BUMP | 60fe0734
Jan 12, 2025 10:51pm | | 0 | VERSION_BUMP | 3d0abab8
Nov 27, 2024 3:13am | | 0 | VERSION_BUMP | d0e18dc6
Nov 27, 2024 2:19am | | 0 | VERSION_BUMP | 882dc7bf