macOS
brew install banditlocal Homebrew formula metadata
sudo port install banditMacPorts ports tree · python/bandit/Portfile · source: api.github.com
brew
Security-oriented static analyser for Python code. Version 1.9.4 via Homebrew; verified from local package data.
install
brew install banditlocal Homebrew formula metadata
sudo port install banditMacPorts ports tree · python/bandit/Portfile · source: api.github.com
sudo apt install banditDebian stable package indexes · bandit · source: deb.debian.org
nix profile install nixpkgs#banditnixpkgs package indexes · bandit · source: raw.githubusercontent.com
sudo pacman -S banditArch Linux sync databases · bandit · source: geo.mirror.pkgbuild.com
overview
Security-oriented static analyser for Python code
history
Bandit is PyCQA's Python security linter: a command-line static analyzer that parses Python files into ASTs and runs security-focused plugins against the tree. It is one of the standard package-manager tools for lightweight Python application security checks.
The official README says Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA. Its public Git history begins in July 2014, with 0.9.0 tagged in February 2015 and a steady 1.x release line since then.
Bandit's architecture reflects the Python tooling style of its era: it uses Python's AST module, reports issue IDs such as B101 and B602, and exposes command-line, baseline, and config-generation executables for local use and CI automation.
Bandit's adoption broadened from OpenStack security work into the general Python quality-tooling ecosystem after it moved under PyCQA. The supplied package facts list Homebrew, Debian/Ubuntu, MacPorts, Nix, Arch, and related packaging, and the official README advertises PyPI, container images, and GitHub Actions-built images.
The project also became part of common Python CI and pre-commit workflows: the official docs include integration and CI/CD sections, and the configuration docs show usage through pre-commit with the official PyCQA repository.
Bandit scans Python source recursively, builds ASTs, runs security plugins, and emits reports. Common usage is local scanning with bandit -r ., CI enforcement, baseline comparison, and per-line suppression with nosec comments when a finding has been reviewed.
Configuration can live in a .bandit INI file for recursive project scans, or in YAML/TOML files such as bandit.yaml and pyproject.toml when passed with -c. The docs also describe generated configs and plugin-specific overrides.
Bandit matters in package catalogs because it is security tooling with a tiny operational footprint: easy to add to CI, easy to vendor into developer images, and easy for distributions to expose as a CLI.
It also illustrates the consolidation of Python QA tools under PyCQA, alongside linters and format-adjacent tooling that package managers routinely provide for reproducible developer environments.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.banditbandit.yamlpyproject.tomlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
bandit | cli | global executable | |
bandit-baseline | cli | global executable | |
bandit-config-generator | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/PyCQA/bandit
install metadata
| Package key | brew:bandit |
|---|---|
| Version | 1.9.4 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/bandit |
| Homepage | https://github.com/PyCQA/bandit |
| Repository | https://github.com/PyCQA/bandit |
| Upstream docs | https://bandit.readthedocs.io/en/latest |
| License | Apache-2.0 |
| Source archive | https://files.pythonhosted.org/packages/aa/c3/0cb80dfe0f3076e5da7e4c5ad8e57bac6ac357ff4a6406205501cade4965/bandit-1.9.4.tar.gz |
| Dependencies | libyaml, python@3.14 |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | bandit |
| Version Scheme | 0 |
| Revision | 1 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
bandit 1.7.10-2
Security oriented static analyzer for Python code - Metapackage
https://github.com/PyCQA/bandit
sudo apt install banditpython3-bandit 1.7.10-2
Security oriented static analyzer for Python code - Python 3.x
https://github.com/PyCQA/bandit
sudo apt install python3-banditbandit
nix profile install nixpkgs#banditbandit 1.6.2-3
Security oriented static analyzer for Python code - Metapackage
https://github.com/PyCQA/bandit
sudo apt install banditpython3-bandit 1.6.2-3
Security oriented static analyzer for Python code - Python 3.x
https://github.com/PyCQA/bandit
sudo apt install python3-banditbandit 1.9.4-1
Python security linter from OpenStack Security
https://github.com/PyCQA/bandit
sudo pacman -S banditbandit
sudo port install banditsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.