Pybuilder plugin for bandit security linter
pybuilder-bandit
A pybuilder plugin that analyzes your project for common security issues using bandit. Bandit is a security linter for Python code; for more information, refer to the bandit PyPI page.
To add this plugin into your pybuilder project, add the following line near the top of your build.py:
use_plugin('pypi:pybuilder_bandit')
NOTE: if you are using Pybuilder version v0.11.x, then specify the following version of the plugin:
use_plugin('pypi:pybuilder_bandit', '~=0.1.3')
Pybuilder bandit properties
The pybuilder task pyb bandit will use bandit to scan your project for common security issues; in verbose mode, any issues found are displayed on screen. The following plugin properties are available to further configure the scan.
Name | Type | Default Value | Description |
---|---|---|---|
bandit_break_build | bool | False | Fail build if scan detects any issues |
bandit_confidence_level | str | LOW | Report only issues of a given confidence level or higher: LOW, MEDIUM, HIGH |
bandit_severity_level | str | LOW | Report only issues of a given severity level or higher: LOW, MEDIUM, HIGH |
bandit_skip_ids | str | None | Comma-separated list of test IDs to skip |
bandit_include_testsources | bool | False | Include scanning of project test sources |
bandit_include_scripts | bool | False | Include scanning of project scripts |
The plugin properties are set using project.set_property; the following is an example of how to set the properties:
project.set_property('bandit_break_build', True)
project.set_property('bandit_confidence_level', 'LOW')
project.set_property('bandit_severity_level', 'MEDIUM')
project.set_property('bandit_skip_ids', 'B110,B315')
project.set_property('bandit_include_testsources', True)
project.set_property('bandit_include_scripts', True)
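The following added example (not the plugin's own code) models how the threshold, skip-ID and break-build properties above combine, applied to a constructed report that uses the field names of bandit's JSON output. The helper name `gate` and the sample findings are assumptions for illustration; it assumes a finding must meet both the severity and the confidence threshold, as bandit's own level filters require.

```python
import json

# Rank order behind "a given level or higher".
LEVELS = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

def _finding(test_id, severity, confidence, text):
    # Field names follow bandit's JSON report; the values are constructed.
    return {"test_id": test_id, "issue_severity": severity,
            "issue_confidence": confidence, "issue_text": text}

# Constructed sample report, not output from a real scan.
SAMPLE_REPORT = json.dumps({"results": [
    _finding("B110", "LOW", "HIGH", "Try, Except, Pass detected."),
    _finding("B602", "HIGH", "HIGH", "subprocess call with shell=True identified."),
    _finding("B105", "LOW", "MEDIUM", "Possible hardcoded password."),
    _finding("B608", "MEDIUM", "LOW", "Possible SQL injection vector."),
]})

def gate(report_json, props):
    """Hypothetical helper: return (reportable findings, build_fails)."""
    min_sev = LEVELS[(props.get("bandit_severity_level") or "LOW").upper()]
    min_conf = LEVELS[(props.get("bandit_confidence_level") or "LOW").upper()]
    skipped = {s.strip().upper()
               for s in (props.get("bandit_skip_ids") or "").split(",") if s.strip()}
    kept = []
    for issue in json.loads(report_json).get("results", []):
        if issue["test_id"] in skipped:
            continue  # suppressed by ID regardless of severity
        sev = LEVELS.get(issue["issue_severity"], 0)
        conf = LEVELS.get(issue["issue_confidence"], 0)
        if sev >= min_sev and conf >= min_conf:  # both thresholds must hold
            kept.append(issue)
    # With bandit_break_build left at False, findings never fail the build.
    return kept, bool(props.get("bandit_break_build")) and bool(kept)

if __name__ == "__main__":
    # Property values taken from the set_property example on this page.
    page_props = {"bandit_break_build": True, "bandit_confidence_level": "LOW",
                  "bandit_severity_level": "MEDIUM", "bandit_skip_ids": "B110,B315"}
    findings, fails = gate(SAMPLE_REPORT, page_props)
    for f in findings:
        print(f["test_id"], f["issue_severity"], f["issue_text"])
    print("build fails:", fails)
```

With every property left at its default, all four constructed findings are reported but the build still passes, so a pipeline that relies on the scan as a gate needs bandit_break_build set to True.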
Development
Clone the repository and ensure the latest version of Docker is installed on your development server.
Build the Docker image:
docker image build \
-t pybbandit:latest .
Run the Docker container:
docker container run \
--rm \
-it \
-v "$PWD":/code \
pybbandit:latest \
bash
Execute the build:
pyb -X
File details
Details for the file pybuilder-bandit-0.3.2.tar.gz.
File metadata
- Download URL: pybuilder-bandit-0.3.2.tar.gz
- Upload date:
- Size: 4.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.9.19
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | d37269c95b1aaf89d5c91de1226e1e770cf1635f721e3a9701fe59495cfc93a2 |
MD5 | 062e90cf694c625209a8439d6aca3701 |
BLAKE2b-256 | c2bab6fc27481c830079074d83a9544d6300625857c1c6f932bc5c16d358b919 |
File details
Details for the file pybuilder_bandit-0.3.2-py3-none-any.whl.
File metadata
- Download URL: pybuilder_bandit-0.3.2-py3-none-any.whl
- Upload date:
- Size: 4.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.9.19
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 60841fb86fc6afae08d99ed0e604242fb2c1a73e0403e916fb2cf17d66edaed9 |
MD5 | bb17b20d0bcd007f08bbce0d1d6178e1 |
BLAKE2b-256 | b2f40c175b3358efe1daa9ad1d1ece4aa51ae1b430e18b5692105f421b1ff30e |