Bandit

Category: SAST
License: Free (Open-Source)

Bandit is a free vulnerability scanner (SAST) for your Python applications.

With over 7,800 GitHub stars and 151 contributors, it has become the standard security tool for Python developers.

What is Bandit?

Bandit is a free static application security scanning tool which checks Python applications for security vulnerabilities.

Originally developed within the OpenStack Security Project, it was later transferred to PyCQA where it continues active development.

The tool processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes.

Once Bandit has finished scanning all the files, it generates a report.

(Screenshot: Bandit scan output)

How to install Bandit?

Install Bandit:

pip install bandit

Install from source:

python setup.py install

Install via Snap:

sudo snap install bandit

Install on macOS:

python3 -m venv bandit-env
source bandit-env/bin/activate
pip install bandit

How to run a scan with Bandit?

To run Bandit on your application:

bandit appsec_santa.py

To run Bandit recursively on a directory:

bandit -r path/to/your/code

To generate a report in different formats:

bandit -r path/to/code -f json -o report.json

Each finding is printed to the console together with a severity level and a confidence level, so results can be triaged by how serious the pattern is and how sure the plugin is that it matched correctly.
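To make the mechanism described above concrete (parse each file into an AST, run plugins against the nodes, report findings with severity and confidence), here is a miniature checker written for this page. It is an added illustration, not Bandit's own code or plugin API: the check functions, the test ids X001 to X003, the severity/confidence values and the sample source are all constructed for the example. It uses only the standard library `ast` module and flags three patterns a Python SAST tool commonly reports (a shell invocation with `shell=True`, use of MD5, and `pickle.loads`) while leaving the list-form `subprocess.call` alone.

```python
"""Miniature AST-based checker in the spirit of Bandit's plugins.

Added example, not Bandit's code or plugin API. Bandit parses each file into
an AST and runs plugins against the nodes; this script does the same with
three constructed checks. Test ids, names and the sample module are made up.
"""
import ast
from dataclasses import dataclass


@dataclass
class Issue:
    test_id: str
    line: int
    severity: str
    confidence: str
    text: str


# Constructed sample module: three risky patterns and one safe call.
SAMPLE_SOURCE = '''
import subprocess, hashlib, pickle

def run(cmd):
    subprocess.call(cmd, shell=True)       # shell=True with variable input

def fingerprint(data):
    return hashlib.md5(data).hexdigest()   # weak hash for a fingerprint

def load(blob):
    return pickle.loads(blob)              # deserialising untrusted bytes

def safe(args):
    subprocess.call(args)                  # list form, no shell: not flagged
'''

SHELL_FUNCS = {"subprocess.call", "subprocess.run", "subprocess.Popen",
               "subprocess.check_output", "subprocess.check_call"}


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def check_shell_true(call):
    """X001: subprocess call with shell=True (command injection risk)."""
    if _dotted_name(call.func) in SHELL_FUNCS:
        for kw in call.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return Issue("X001", call.lineno, "HIGH", "HIGH",
                             "subprocess call with shell=True")
    return None


def check_weak_hash(call):
    """X002: MD5 used via hashlib (weak for any integrity or auth purpose)."""
    if _dotted_name(call.func) == "hashlib.md5":
        return Issue("X002", call.lineno, "MEDIUM", "HIGH", "use of weak hash MD5")
    return None


def check_pickle_loads(call):
    """X003: pickle.loads can execute code embedded in untrusted input."""
    if _dotted_name(call.func) == "pickle.loads":
        return Issue("X003", call.lineno, "MEDIUM", "HIGH",
                     "pickle.loads on possibly untrusted data")
    return None


CHECKS = (check_shell_true, check_weak_hash, check_pickle_loads)


def scan_source(source, filename="<constructed>"):
    """Parse source into an AST and run every check against each Call node."""
    tree = ast.parse(source, filename=filename)
    issues = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            for check in CHECKS:
                issue = check(node)
                if issue is not None:
                    issues.append(issue)
    return sorted(issues, key=lambda i: i.line)


def format_report(issues):
    """Render findings one per line, Bandit-style: id, severity/confidence, line."""
    return "\n".join(f"{i.test_id} [{i.severity}/{i.confidence}] line {i.line}: {i.text}"
                     for i in issues)


if __name__ == "__main__":
    print(format_report(scan_source(SAMPLE_SOURCE)))
```

Running the script prints three findings (lines 5, 8 and 11 of the sample) and nothing for the list-form call on line 14, which is the distinction a real plugin also has to make: the AST gives it the call target and the keyword arguments, so it can key on `shell=True` rather than on the function name alone.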

Note: Maintained by PyCQA. Sponsored by Mercedes-Benz, Tidelift, and Stacklok. Supports Python 3.10-3.14.