A tool for finding security issues in Python code (https://bandit.readthedocs.io).
Don't use Bandit when running
Arguments to pass directly to Bandit, e.g.
--bandit-args='--skip B101,B308 --confidence'.
If true, export a virtual environment with Bandit when running
This can be useful, for example, with IDE integrations to point your editor to the tool's binary.
Requirement string for the tool.
--bandit-extra-requirements="['<str>', '<str>', ...]"
[ "setuptools", "GitPython==3.1.18" ]
Any additional requirement strings to use with the tool. This is useful if the tool allows you to install plugins or if you need to constrain a dependency to a certain version.
Path to a lockfile used for installing the tool.
Set to the string
<default> to use a lockfile provided by Pants, so long as you have not changed the
--extra-requirements options, and the tool's interpreter constraints are compatible with the default. Pants will error or warn if the lockfile is not compatible (controlled by
[python].invalid_lockfile_behavior). See https://github.com/pantsbuild/pants/blob/release_2.12.1/src/python/pants/backend/python/lint/bandit/bandit.lock for the default lockfile contents.
Set to the string
<none> to opt out of using a lockfile. We do not recommend this, though, as lockfiles are essential for reproducible builds.
To use a custom lockfile, set this option to a file path relative to the build root, then run
./pants generate-lockfiles --resolve=bandit.
As explained at Third-party dependencies, lockfile generation via
generate-lockfiles does not always work and you may want to manually generate the lockfile. You will want to set
[python].invalid_lockfile_behavior = 'ignore' so that Pants does not complain about missing lockfile headers.
The console script for the tool. Using this option is generally preferable to (and mutually exclusive with) specifying an --entry-point since console script names have a higher expectation of staying stable across releases of the tool. Usually, you will not want to change this from the default.
The entry point for the tool. Generally you only want to use this option if the tool does not offer a --console-script (which this option is mutually exclusive with). Usually, you will not want to change this from the default.
Path to a Bandit YAML config file (https://bandit.readthedocs.io/en/latest/config.html).
Updated 5 months ago