sast-bandit

Python security vulnerability detection using Bandit SAST with CWE and OWASP mapping. Use when: (1) Scanning Python code for security vulnerabilities and anti-patterns, (2) Identifying hardcoded secrets, SQL injection, command injection, and insecure APIs, (3) Generating security reports with severity classifications for CI/CD pipelines, (4) Providing remediation guidance with security framework references, (5) Enforcing Python security best practices in development workflows.

Category: AI & Automation. 335 stars, 29 forks. Updated today.


Skill Content

# Bandit Python SAST

## Overview

Bandit is a security-focused static analysis tool for Python that identifies common security vulnerabilities and coding anti-patterns. It parses Python source into an Abstract Syntax Tree (AST) and runs security plugins over the tree to detect issues such as hardcoded credentials, SQL injection, command injection, weak cryptography, and insecure API usage. Every finding carries a severity rating and a confidence rating, and current releases also attach a CWE identifier, so reports can be mapped onto industry security standards. Because the checks are AST pattern matches with no cross-function data-flow analysis, expect some false positives and triage by confidence as well as severity.

## Quick Start

Scan a Python file or directory for security vulnerabilities:

```bash
# Install Bandit
pip install bandit

# Scan single file
bandit suspicious_file.py

# Scan entire directory recursively
bandit -r /path/to/python/project

# Generate JSON report
bandit -r project/ -f json -o bandit_report.json

# Scan with custom config
bandit -r project/ -c .bandit.yaml
```

## Core Workflow

### Step 1: Install and Configure Bandit

Install Bandit via pip:

```bash
pip install bandit
```

Create a configuration file to customize scans. A YAML config such as `.bandit.yaml` is passed explicitly with `-c`; an INI-style `.bandit` file with a `[bandit]` section is picked up automatically from the scanned directory. Note that `tests` is an allow-list: when it is set, only the listed plugins run, so omit it to keep Bandit's full default set and rely on `skips` alone to suppress individual checks.

```yaml
# .bandit.yaml
exclude_dirs:
  - /tests/
  - /venv/
  - /.venv/
  - /node_modules/
skips:
  - B101  # assert_used; asserts vanish under python -O, so skip only if no assert guards security logic
tests:
  - B201  # Flask app run with debug=True
  - B301  # Pickle usage
  - B601  # paramiko exec_command calls (shell injection via SSH)
  - B602  # subprocess call with shell=True
```

### Step 2: Execute Security Scan

Run Bandit against the Python codebase:

```bash
# Basic scan with severity threshold
bandit -r . -ll  # Report only m...
```
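To make the findings above concrete, here is an added example (not code from the sast-bandit skill or from Bandit itself) that places a vulnerable function beside its hardened form for four of the checks the config enables or that Bandit reports by default: B602 (shell=True), B608 (string-built SQL), B301 (pickle) and B105 (hardcoded password). The `ADMIN_PASSWORD` constant, the `users` table and the bypass payload are constructed for the demonstration. Running `bandit` over this file reports B602 (HIGH), B608 (MEDIUM), B301 (MEDIUM) and B105 (LOW) on the `*_vulnerable` code; the hardened forms draw at most the LOW-severity import and subprocess-call notices (B403, B404, B603), which is exactly why `-ll` is the usual CI threshold.

```python
"""Vulnerable-vs-hardened pairs for checks Bandit reports (added example)."""
import hashlib
import hmac
import json
import pickle
import sqlite3
import subprocess
from typing import Any


# --- B602: shell=True with attacker-influenced input ---------------------------
def list_dir_vulnerable(path: str) -> str:
    # /bin/sh parses the whole string, so "x; rm -rf ~" runs two commands.
    return subprocess.check_output("ls -l " + path, shell=True, text=True)


def build_ls_argv(path: str) -> list[str]:
    # Hardened form: an argv list and no shell. The path is a single argument,
    # and "--" stops ls from reading a path that begins with "-" as an option.
    return ["ls", "-l", "--", path]


def list_dir_hardened(path: str) -> str:
    return subprocess.run(build_ls_argv(path), check=True, text=True,
                          capture_output=True).stdout


# --- B608: SQL assembled from user input ----------------------------------------
def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # String interpolation: the input "' OR '1'='1" rewrites the WHERE clause.
    return conn.execute(f"SELECT id FROM users WHERE name = '{username}'").fetchall()


def find_user_hardened(conn: sqlite3.Connection, username: str) -> list:
    # Parameterised query: the driver keeps the value separate from the SQL text.
    return conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchall()


def sql_injection_demo() -> tuple[int, int]:
    """Rows returned by each variant for the classic bypass payload (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    payload = "' OR '1'='1"
    return len(find_user_vulnerable(conn, payload)), len(find_user_hardened(conn, payload))


# --- B301: pickle.loads on untrusted bytes --------------------------------------
def load_session_vulnerable(blob: bytes) -> Any:
    # A crafted pickle runs arbitrary callables during unpickling (__reduce__).
    return pickle.loads(blob)


def load_session_hardened(blob: bytes) -> dict:
    # JSON carries data only; enforce the shape the application expects.
    data = json.loads(blob.decode("utf-8"))
    if not isinstance(data, dict):
        raise ValueError("session must be a JSON object")
    return data


# --- B105: hardcoded password ---------------------------------------------------
ADMIN_PASSWORD = "hunter2"  # hypothetical constant, present only to trigger B105


def login_vulnerable(password: str) -> bool:
    # The secret lives in source control and "==" compares in non-constant time.
    return password == ADMIN_PASSWORD


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> str:
    # Slow salted hash; the stored value comes from a secret store, not the code.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def login_hardened(password: str, salt: bytes, stored_hash_hex: str) -> bool:
    # Constant-time comparison against the stored derived key.
    return hmac.compare_digest(hash_password(password, salt), stored_hash_hex)


if __name__ == "__main__":
    print("rows for bypass payload (vulnerable, hardened):", sql_injection_demo())
    print("argv for hostile path:", build_ls_argv("x; rm -rf ~"))
```

Save the file, run `bandit example.py`, and compare the report line-by-line with the `*_vulnerable` functions; then run it again with `-ll` to see the LOW-severity notices on the hardened code drop out.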
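The JSON report from the Quick Start and the `-ll` threshold in Step 2 are what a CI gate consumes. The following added example (not part of the sast-bandit skill) reads the layout `bandit -f json` emits (a top-level `results` list whose entries carry `test_id`, `issue_severity`, `issue_confidence`, `issue_cwe`, `filename` and `line_number`), applies a severity and confidence floor equivalent to `-ll -ii`, honours a per-test allow-list, and summarises findings by severity and CWE. `SAMPLE_REPORT` is a constructed report, not real Bandit output; the file paths in it are invented.

```python
"""Gate a CI job on a Bandit JSON report (added example)."""
import json
import sys
from collections import Counter

# Bandit's three levels; -l/-ll/-lll and -i/-ii/-iii raise these floors on the CLI.
LEVEL = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample report in Bandit's JSON shape (three findings, one real problem).
SAMPLE_REPORT = json.dumps({
    "errors": [],
    "results": [
        {"filename": "app/shell.py", "line_number": 12, "test_id": "B602",
         "test_name": "subprocess_popen_with_shell_equals_true",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_cwe": {"id": 78, "link": "https://cwe.mitre.org/data/definitions/78.html"},
         "issue_text": "subprocess call with shell=True identified, security issue."},
        {"filename": "app/shell.py", "line_number": 1, "test_id": "B404",
         "test_name": "blacklist",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_cwe": {"id": 78, "link": "https://cwe.mitre.org/data/definitions/78.html"},
         "issue_text": "Consider possible security implications associated with the subprocess module."},
        {"filename": "app/db.py", "line_number": 40, "test_id": "B608",
         "test_name": "hardcoded_sql_expressions",
         "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "issue_cwe": {"id": 89, "link": "https://cwe.mitre.org/data/definitions/89.html"},
         "issue_text": "Possible SQL injection vector through string-based query construction."},
    ],
})


def load_findings(report_text: str) -> list[dict]:
    report = json.loads(report_text)
    # Entries in "errors" are files Bandit could not parse and therefore did not scan;
    # a silent skip is a gate failure, not a clean result.
    if report.get("errors"):
        raise RuntimeError(f"bandit reported {len(report['errors'])} parse error(s)")
    return report["results"]


def blocking_findings(findings, min_severity="MEDIUM", min_confidence="MEDIUM",
                      allow=frozenset()) -> list[dict]:
    """Findings that fail the build under the given floors and allow-list."""
    return [
        f for f in findings
        if LEVEL[f["issue_severity"]] >= LEVEL[min_severity]
        and LEVEL[f["issue_confidence"]] >= LEVEL[min_confidence]
        and f["test_id"] not in allow
    ]


def summarize(findings) -> dict[str, Counter]:
    """Counts by severity and by CWE id, for the job log or a dashboard."""
    return {
        "by_severity": Counter(f["issue_severity"] for f in findings),
        "by_cwe": Counter(f"CWE-{f['issue_cwe']['id']}" for f in findings if f.get("issue_cwe")),
    }


def main(argv: list[str]) -> int:
    # Usage: python gate_bandit.py bandit_report.json  (no argument: the sample above)
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_REPORT
    findings = load_findings(text)
    blocking = blocking_findings(findings)
    for f in blocking:
        print(f"{f['filename']}:{f['line_number']} {f['test_id']} "
              f"[{f['issue_severity']}/{f['issue_confidence']}] {f['issue_text']}")
    print("by severity:", dict(summarize(findings)["by_severity"]))
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Keeping the allow-list as explicit `test_id` values in the gate script (or as `skips` in the config) leaves a reviewable record of every accepted finding, whereas lowering the global threshold hides them.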

Details

Author: aiskillstore
Repository: aiskillstore/marketplace
Created: 5 months ago
Last Updated: today
Language: Python
License: None
