Version: 2.0 (deprecated)

bandit


A tool for finding security issues in Python code (https://bandit.readthedocs.io).

Backend: ``

Config section: [bandit]

Basic options

args

--bandit-args="[<shell_str>, <shell_str>, ...]"
PANTS_BANDIT_ARGS
pants.toml
[bandit]
args = [
<shell_str>,
<shell_str>,
...,
]
default: []

Arguments to pass directly to Bandit, e.g. --bandit-args="--skip B101,B308 --confidence"

skip

--[no-]bandit-skip
PANTS_BANDIT_SKIP
pants.toml
[bandit]
skip = <bool>
default: False

Don't use Bandit when running `pants lint`.

Advanced options

config

--bandit-config=<file_option>
PANTS_BANDIT_CONFIG
pants.toml
[bandit]
config = <file_option>
default: None

Path to a Bandit YAML config file

entry_point

--bandit-entry-point=<str>
PANTS_BANDIT_ENTRY_POINT
pants.toml
[bandit]
entry_point = <str>
default: bandit

The main module for the tool. Usually, you will not want to change this from the default.

extra_requirements

--bandit-extra-requirements="['<str>', '<str>', ...]"
PANTS_BANDIT_EXTRA_REQUIREMENTS
pants.toml
[bandit]
extra_requirements = [
'<str>',
'<str>',
...,
]
default:
[
  "setuptools<45",
  "stevedore<3"
]

Any additional requirement strings to use with the tool. This is useful if the tool allows you to install plugins or if you need to constrain a dependency to a certain version.

version

--bandit-version=<str>
PANTS_BANDIT_VERSION
pants.toml
[bandit]
version = <str>
default: bandit>=1.6.2,<1.7

Requirement string for the tool.

Deprecated options

interpreter_constraints

--bandit-interpreter-constraints="['<str>', '<str>', ...]"
PANTS_BANDIT_INTERPRETER_CONSTRAINTS
pants.toml
[bandit]
interpreter_constraints = [
'<str>',
'<str>',
...,
]
default: []
Deprecated, will be removed in version: 2.1.0.dev0.
This option no longer does anything, as Pants auto-configures the interpreter constraints for bandit based on your code's interpreter constraints.

Python interpreter constraints for this tool.
