A tool for finding security issues in Python code (https://bandit.readthedocs.io).
Don't use Bandit when running
Arguments to pass directly to Bandit, e.g.
--bandit-args="--skip B101,B308 --confidence"
Requirement string for the tool.
--bandit-extra-requirements="['<str>', '<str>', ...]"
[ "setuptools", "GitPython==3.1.18" ]
Any additional requirement strings to use with the tool. This is useful if the tool allows you to install plugins or if you need to constrain a dependency to a certain version.
Path to a lockfile used for installing the tool.
Set to the string
<default> to use a lockfile provided by Pants, so long as you have not changed the
--extra-requirements options, and the tool's interpreter constraints are compatible with the default. Pants will error or warn if the lockfile is not compatible (controlled by
[python].invalid_lockfile_behavior). See https://github.com/pantsbuild/pants/blob/release_2.10.1rc1/src/python/pants/backend/python/lint/bandit/lockfile.txt for the default lockfile contents.
Set to the string
<none> to opt out of using a lockfile. We do not recommend this, though, as lockfiles are essential for reproducible builds.
To use a custom lockfile, set this option to a file path relative to the build root, then run
./pants generate-lockfiles --resolve=bandit.
Lockfile generation currently does not wire up the
[python-repos] options. If lockfile generation fails, you can manually generate a lockfile, such as by using pip-compile or
pip freeze. Set this option to the path to your manually generated lockfile. When manually maintaining lockfiles, set
[python].invalid_lockfile_behavior = 'ignore'.
The console script for the tool. Using this option is generally preferable to (and mutually exclusive with) specifying an --entry-point since console script names have a higher expectation of staying stable across releases of the tool. Usually, you will not want to change this from the default.
The entry point for the tool. Generally you only want to use this option if the tool does not offer a --console-script (which this option is mutually exclusive with). Usually, you will not want to change this from the default.
Path to a Bandit YAML config file (https://bandit.readthedocs.io/en/latest/config.html).
Updated 9 months ago