Automic VaultAutomic Vault

brew

Install bandit with Homebrew, apt, MacPorts, Nix, pacman

Security-oriented static analyser for Python code. Version 1.9.4 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install bandit

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install bandit

MacPorts ports tree · python/bandit/Portfile · source: api.github.com

overview

Package summary

Security-oriented static analyser for Python code

Commands and aliases

  • bandit
  • bandit-baseline
  • bandit-config-generator

history

Project history and usage

Bandit is PyCQA's Python security linter: a command-line static analyzer that parses Python files into ASTs and runs security-focused plugins against the tree. It is one of the standard package-manager tools for lightweight Python application security checks.

Project history

The official README says Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA. Its public Git history begins in July 2014, with 0.9.0 tagged in February 2015 and a steady 1.x release line since then.

Bandit's architecture reflects the Python tooling style of its era: it uses Python's AST module, reports issue IDs such as B101 and B602, and exposes command-line, baseline, and config-generation executables for local use and CI automation.

Adoption history

Bandit's adoption broadened from OpenStack security work into the general Python quality-tooling ecosystem after it moved under PyCQA. The supplied package facts list Homebrew, Debian/Ubuntu, MacPorts, Nix, Arch, and related packaging, and the official README advertises PyPI, container images, and GitHub Actions-built images.

The project also became part of common Python CI and pre-commit workflows: the official docs include integration and CI/CD sections, and the configuration docs show usage through pre-commit with the official PyCQA repository.

How it is used

Bandit scans Python source recursively, builds ASTs, runs security plugins, and emits reports. Common usage is local scanning with bandit -r ., CI enforcement, baseline comparison, and per-line suppression with nosec comments when a finding has been reviewed.

Configuration can live in a .bandit INI file for recursive project scans, or in YAML/TOML files such as bandit.yaml and pyproject.toml when passed with -c. The docs also describe generated configs and plugin-specific overrides.

Why package nerds care

Bandit matters in package catalogs because it is security tooling with a tiny operational footprint: easy to add to CI, easy to vendor into developer images, and easy for distributions to expose as a CLI.

It also illustrates the consolidation of Python QA tools under PyCQA, alongside linters and format-adjacent tooling that package managers routinely provide for reproducible developer environments.

Timeline

  • 2014: Public Git history begins in the official repository.
  • 2015: 0.9.0 is tagged, followed by frequent early releases.
  • 2010s: Bandit moves from the OpenStack Security Project to PyCQA, according to the official README.
  • 2020s: Bandit is distributed through PyPI, OS package managers, pre-commit workflows, and signed container images.
  • 2026: 1.9.x releases continue maintenance of the analyzer and rule set.

Related projects

  • Bandit is related to PyCQA tooling, Python's AST module, pre-commit, and broader Python security/static-analysis tools. It complements general-purpose linters by focusing specifically on common security issues.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 2 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.banditbandit.yamlpyproject.toml

executables

Installed executables

CommandKindExposureNote
banditcliglobal executable
bandit-baselinecliglobal executable
bandit-config-generatorcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-07
manager version1.9.4
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/PyCQA/bandit

  • infoNo package-manager update timestamp was available.low confidence
  • infoNo cached GitHub release or tag data was available.https://github.com/PyCQA/banditnone confidence

install metadata

Package metadata

Package keybrew:bandit
Version1.9.4
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/bandit
Homepagehttps://github.com/PyCQA/bandit
Repositoryhttps://github.com/PyCQA/bandit
Upstream docshttps://bandit.readthedocs.io/en/latest
LicenseApache-2.0
Source archivehttps://files.pythonhosted.org/packages/aa/c3/0cb80dfe0f3076e5da7e4c5ad8e57bac6ac357ff4a6406205501cade4965/bandit-1.9.4.tar.gz
Dependencieslibyaml, python@3.14
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namebandit
Version Scheme0
Revision1
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

bandit 1.7.10-2

Security oriented static analyzer for Python code - Metapackage

https://github.com/PyCQA/bandit

sudo apt install bandit
  • Section: python
  • Architecture: all
  • 1 dependencies
  • normalized package name match
  • Matched by: Bandit
Debian stable package indexes · deb.debian.org · Debian stable package indexes: bandit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

python3-bandit 1.7.10-2

Security oriented static analyzer for Python code - Python 3.x

https://github.com/PyCQA/bandit

sudo apt install python3-bandit
  • Section: python
  • Architecture: all
  • Source Package: bandit
  • 7 dependencies
  • normalized package name match
  • Matched by: Bandit
Debian stable package indexes · deb.debian.org · Debian stable package indexes: python3-bandit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

bandit

nix profile install nixpkgs#bandit
  • normalized package name match
  • Matched by: Bandit
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: bandit from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
Ubuntu apt95%

bandit 1.6.2-3

Security oriented static analyzer for Python code - Metapackage

https://github.com/PyCQA/bandit

sudo apt install bandit
  • Section: universe/python
  • Architecture: all
  • 1 dependencies
  • normalized package name match
  • Matched by: Bandit
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: bandit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
Ubuntu apt95%

python3-bandit 1.6.2-3

Security oriented static analyzer for Python code - Python 3.x

https://github.com/PyCQA/bandit

sudo apt install python3-bandit
  • Section: universe/python
  • Architecture: all
  • Source Package: bandit
  • 5 dependencies
  • normalized package name match
  • Matched by: Bandit
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: python3-bandit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
pacman95%

bandit 1.9.4-1

Python security linter from OpenStack Security

https://github.com/PyCQA/bandit

sudo pacman -S bandit
  • License: Apache-2.0
  • Architecture: any
  • 4 dependencies
  • normalized package name match
  • Matched by: Bandit
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: bandit from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

bandit

sudo port install bandit
  • normalized package name match
  • Matched by: Bandit
MacPorts ports tree · api.github.com · MacPorts ports tree: python/bandit/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment