Getting started with Bandit

One of the many benefits of using and working with Python is its ability to introspect itself. This empowers us to write and use tools that analyze the projects we use and write. Tools written in Python can use the built-in ast module to parse other Python code into an Abstract Syntax Tree (AST) and analyze it. Perhaps you’ve heard of Flake8, PyFlakes, PyLint, Radon, or another tool that provides style checking, lint discovery, or complexity computation? They all use the AST to provide that functionality. There’s also a tool called Bandit that uses the AST to provide static security analysis of Python programs.
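To make the AST idea concrete, here is a miniature version of the kind of check Bandit performs. It is an added example written for this page, not Bandit's own code or its plugin API: it walks the tree produced by `ast.parse` and reports `eval()`/`exec()` calls and `subprocess` calls that pass `shell=True`, run over a constructed sample module.

```python
import ast

# Constructed sample module: two risky constructs and one safe subprocess call.
SAMPLE_SOURCE = '''
import subprocess
user = input()
subprocess.run("ls " + user, shell=True)   # shell=True with a built-up command
result = eval(user)                        # evaluates arbitrary input
subprocess.run(["ls", user])               # argv list, no shell: not flagged
'''


def find_risky_calls(source: str, filename: str = "<string>") -> list[dict]:
    """Parse `source` and return findings for eval()/exec() and shell=True calls.

    Each finding is {"line": <lineno>, "issue": <description>}, sorted by line.
    """
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Bare-name calls: eval(...) / exec(...)
        if isinstance(func, ast.Name) and func.id in {"eval", "exec"}:
            findings.append({"line": node.lineno, "issue": f"use of {func.id}()"})
        # Attribute calls on the subprocess module with a literal shell=True keyword
        elif (isinstance(func, ast.Attribute)
              and isinstance(func.value, ast.Name)
              and func.value.id == "subprocess"):
            for kw in node.keywords:
                if (kw.arg == "shell"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append({"line": node.lineno,
                                     "issue": f"subprocess.{func.attr} with shell=True"})
    return sorted(findings, key=lambda f: f["line"])


if __name__ == "__main__":
    for finding in find_risky_calls(SAMPLE_SOURCE):
        print(f"line {finding['line']}: {finding['issue']}")
```

A real checker would also resolve aliases (`from subprocess import run`, `import subprocess as sp`) and weigh confidence and severity, which is exactly the bookkeeping Bandit adds on top of this AST walk.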

