A tool for finding security issues in Python code (https://bandit.readthedocs.io).

Config section: [bandit]

Basic options

skip

--[no-]bandit-skip
PANTS_BANDIT_SKIP
default: False

Don't use Bandit when running `./pants lint`.


args

--bandit-args="[<shell_str>, <shell_str>, ...]"
PANTS_BANDIT_ARGS
default: []

Arguments to pass directly to Bandit, e.g. `--bandit-args="--skip B101,B308 --confidence"`.


Advanced options

version

--bandit-version=<str>
PANTS_BANDIT_VERSION
default: bandit>=1.6.2,<1.7

Requirement string for the tool.


extra_requirements

--bandit-extra-requirements="['<str>', '<str>', ...]"
PANTS_BANDIT_EXTRA_REQUIREMENTS
default:
[
  "setuptools<45",
  "stevedore<3"
]

Any additional requirement strings to use with the tool. This is useful if the tool allows you to install plugins or if you need to constrain a dependency to a certain version.


console_script

--bandit-console-script=<str>
PANTS_BANDIT_CONSOLE_SCRIPT
default: bandit

The console script for the tool. Using this option is generally preferable to (and mutually exclusive with) specifying an --entry-point, since console script names have a higher expectation of staying stable across releases of the tool. Usually, you will not want to change this from the default.


entry_point

--bandit-entry-point=<str>
PANTS_BANDIT_ENTRY_POINT
default: None

The entry point for the tool. Generally, you only want to use this option if the tool does not offer a console script (this option is mutually exclusive with --console-script). Usually, you will not want to change this from the default.


config

--bandit-config=<file_option>
PANTS_BANDIT_CONFIG
default: None

Path to a Bandit YAML config file (https://bandit.readthedocs.io/en/latest/config.html).


Deprecated options

None

