# Install bandit

Security-oriented static analyser for Python code. Version 1.9.4 via Homebrew; verified 2026-03-30.

## Install

```sh
sudo av install brew:bandit
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install bandit
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install bandit
```

  Evidence: MacPorts ports tree: python/bandit/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Debian apt (92%):

```sh
sudo apt install bandit
```

  Evidence: Debian stable package indexes: bandit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#bandit
```

  Evidence: nixpkgs package indexes: bandit from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

- pacman (92%):

```sh
sudo pacman -S bandit
```

  Evidence: Arch Linux sync databases: bandit from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package Facts

- **Package key:** brew:bandit
- **Package manager:** Homebrew
- **Package manager URL:** <https://formulae.brew.sh/formula/bandit>
- **Version:** 1.9.4
- **Source summary:** Security-oriented static analyser for Python code
- **Homepage:** <https://github.com/PyCQA/bandit>
- **Repository:** <https://github.com/PyCQA/bandit>
- **Upstream docs:** <https://bandit.readthedocs.io/en/latest>
- **License:** Apache-2.0
- **Source archive:** <https://files.pythonhosted.org/packages/aa/c3/0cb80dfe0f3076e5da7e4c5ad8e57bac6ac357ff4a6406205501cade4965/bandit-1.9.4.tar.gz>
- **Last updated:** 2026-03-30T09:15:24Z
- **Generated:** 2026-06-10T07:18:26+00:00

## Executables

- bandit (cli)
- bandit-baseline (cli)
- bandit-config-generator (cli)
- bandit (alias)
- bandit-baseline (alias)
- bandit-config-generator (alias)

## Dependencies

- libyaml
- python@3.14

## Install Behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-06-10
- Package-manager version: 1.9.4
- Package-manager updated: 2026-03-30
- Local data status: ok
- Upstream repository: https://github.com/PyCQA/bandit
- info: No cached GitHub release or tag data was available.

## Security Notes

Narrow executable package without higher-risk signals.

- **Geiger risk:** green / low

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** bandit
- **Version Scheme:** 0
- **Revision:** 1
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - bandit - 1.7.10-2: normalized package name match | Debian stable package indexes: bandit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security oriented static analyzer for Python code - Metapackage | https://github.com/PyCQA/bandit
- Debian apt - python3-bandit - 1.7.10-2: normalized package name match | Debian stable package indexes: python3-bandit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security oriented static analyzer for Python code - Python 3.x | https://github.com/PyCQA/bandit
- Nix - bandit: normalized package name match | nixpkgs package indexes: bandit from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
- Ubuntu apt - bandit - 1.6.2-3: normalized package name match | Ubuntu 24.04 LTS package indexes: bandit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security oriented static analyzer for Python code - Metapackage | https://github.com/PyCQA/bandit
- Ubuntu apt - python3-bandit - 1.6.2-3: normalized package name match | Ubuntu 24.04 LTS package indexes: python3-bandit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security oriented static analyzer for Python code - Python 3.x | https://github.com/PyCQA/bandit
- pacman - bandit - 1.9.4-1: normalized package name match | Arch Linux sync databases: bandit from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Python security linter from OpenStack Security | https://github.com/PyCQA/bandit
- MacPorts - bandit: normalized package name match | MacPorts ports tree: python/bandit/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related Links

- [Source-control packages](https://www.automicvault.com/fr/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/fr/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Developer build packages](https://www.automicvault.com/fr/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [Language runtime packages](https://www.automicvault.com/fr/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [python@3.14](https://www.automicvault.com/fr/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [tfsec](https://www.automicvault.com/fr/pkg/brew/tfsec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [gosec](https://www.automicvault.com/fr/pkg/brew/gosec/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [ghalint](https://www.automicvault.com/fr/pkg/brew/ghalint/) - Shares av.db curated category or tags: cli, linter, security, static-analysis.
- [joern](https://www.automicvault.com/fr/pkg/brew/joern/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [flawfinder](https://www.automicvault.com/fr/pkg/brew/flawfinder/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [cargo-geiger](https://www.automicvault.com/fr/pkg/brew/cargo-geiger/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [caracal](https://www.automicvault.com/fr/pkg/brew/caracal/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [slither-analyzer](https://www.automicvault.com/fr/pkg/brew/slither-analyzer/) - Shares av.db curated category or tags: cli, security, static-analysis.

## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
