Bandit can also be configured as a pre-commit hook. If you're unfamiliar with pre-commit hooks, check out our video series. To configure the hook you need to add the following lines to your pre-commit configuration file.
```yaml
- repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
  rev: v1.0.5
  hooks:
    - id: python-bandit-vulnerability-check
      args: [--skip, "B101", --recursive, clumper]
```
In this file we've configured the pre-commit hook to run bandit recursively on the `clumper` folder and to ignore any findings with code "B101". You can read more about this check in the bandit documentation.
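Bandit's "B101" check (assert_used) flags `assert` statements that are used for validation, because Python removes every `assert` when it runs with `-O`. The script below is an added example, not code from the page or from bandit, and the `withdraw` function and its inputs are made up for illustration; it compiles the same function at optimisation levels 0 and 1 (the in-process equivalent of `python -O`) to show why an explicit check is preferable to an assert outside of test code.

```python
"""Why bandit's B101 (assert_used) check exists: assert statements are
stripped when Python runs with -O, so validation done via assert silently
disappears. Added example; the withdraw() function is constructed for
illustration and is not part of the original page."""

# Constructed sample: validation through assert (what B101 flags).
ASSERT_BASED = '''
def withdraw(balance, amount):
    # Validation via assert: removed entirely under python -O.
    assert amount <= balance, "insufficient funds"
    return balance - amount
'''

# Constructed sample: the same validation as an explicit check.
EXPLICIT_CHECK = '''
def withdraw(balance, amount):
    # Validation via an explicit check: survives optimisation.
    if amount > balance:
        raise ValueError("insufficient funds")
    return balance - amount
'''


def run_withdraw(source: str, optimize: int, balance: int, amount: int):
    """Compile `source` at the given optimisation level (0 = normal,
    1 = equivalent to `python -O`, which drops assert statements), then
    call withdraw(). Returns ("ok", result) or ("error", exception name)."""
    namespace = {}
    code = compile(source, "<demo>", "exec", optimize=optimize)
    exec(code, namespace)
    try:
        return ("ok", namespace["withdraw"](balance, amount))
    except (AssertionError, ValueError) as exc:
        return ("error", type(exc).__name__)


def compare() -> dict:
    """Run both variants with and without optimisation on an invalid
    input (withdrawing more than the balance) and collect the outcomes."""
    cases = {}
    for label, src in (("assert", ASSERT_BASED), ("explicit", EXPLICIT_CHECK)):
        for opt in (0, 1):
            cases[(label, opt)] = run_withdraw(src, opt, balance=10, amount=50)
    return cases


if __name__ == "__main__":
    for (label, opt), outcome in compare().items():
        print(f"{label:8s} optimize={opt}: {outcome}")
```

With `optimize=1` the assert-based variant happily returns a negative balance, while the explicit check raises `ValueError` at both levels. Skipping B101 is a reasonable choice for a test suite, where `assert` is the idiom, but the skip applies to every file bandit scans, so it is worth knowing what you are giving up.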
The main thing to remember with bandit is that it's not perfect. It won't catch every security concern out there, but it does have some reasonable checks. You're free to configure the tool to your liking, but it's also a good idea to read more about the different issues it reports. There are a lot of little things that can go wrong.