Repository record: [PyCQA/vscode-bandit](https://github.com/PyCQA/vscode-bandit)

- Description: A Visual Studio Code extension with support for the Bandit static analysis tool.
- Marketplace listing: https://marketplace.visualstudio.com/items?itemName=pycqa.bandit-pycqa
- Language: Python; license: MIT; default branch: `main`; generated from the `microsoft/vscode-python-tools-extension-template` template
- Topics: bandit, linter, python, sast, security-scanner, security-tools, static-analysis, vscode-extension
- Repository files: README.md, CHANGELOG.md, LICENSE, CODE_OF_CONDUCT.md, SECURITY.md, SUPPORT.md
- Repository last pushed 2025-04-02; record last synced 2025-04-04 (source: https://awesome.ecosyste.ms/projects/github.com%2Fpycqa%2Fvscode-bandit)

---

![logotype-sm](https://github.com/user-attachments/assets/3e8c0b13-38cd-4f2a-a001-9fa20aaea533)

# Bandit extension for Visual Studio Code

A Visual Studio Code extension for the [Bandit](https://github.com/PyCQA/bandit) static analysis security tool, developed and maintained by the original authors of Bandit. This extension comes bundled with Bandit version 1.8.3.

It is compatible with all [actively supported versions](https://devguide.python.org/#status-of-python-branches) of the Python programming language.

For more information about Bandit, visit https://bandit.readthedocs.io/.

## Settings

There are several settings you can configure to customize the behavior of this extension.

| Setting | Default | Description |
|---|---|---|
| `bandit.args` | `[]` | Arguments passed to Bandit for linting Python files. Each argument should be a separate string in the array. <br> Examples: <br> - `"bandit.args": ["--severity-level=high"]` <br> - `"bandit.args": ["--skip=B603", "--confidence-level=high"]` |
| `bandit.cwd` | `${workspaceFolder}` | Sets the current working directory used to lint Python files with Bandit. By default, it uses the root directory of the workspace. You can set it to `${fileDirname}` to use the parent folder of the file being linted. |
| `bandit.enabled` | `true` | Enable/disable linting Python files with Bandit. This can be set globally or per workspace. When disabled, the linting server continues to monitor files but does not perform linting or expose code actions. |
| `bandit.path` | `[]` | Path or command used by the extension to run Bandit. Accepts an array of strings (each argument as a separate element). <br> Examples: <br> - `"bandit.path": ["~/global_env/bandit"]` <br> - `"bandit.path": ["bandit"]` <br> - `"bandit.path": ["${interpreter}", "-m", "bandit"]` <br> If set to `["bandit"]`, it uses the Bandit available in your `PATH`. Note: using a custom path may slow down linting. |
| `bandit.interpreter` | `[]` | Python executable or command used to launch Bandit. Accepts an array of strings (each argument as a separate element). If left as `[]`, it uses the selected Python interpreter. |
| `bandit.importStrategy` | `useBundled` | Specifies which Bandit binary to use. `useBundled` uses the version shipped with the extension. `fromEnvironment` uses the Bandit in the current Python environment; if it can't find one, it falls back to the bundled version. Ignored if `bandit.path` is set. |
| `bandit.showNotification` | `off` | Controls when extension notifications appear. Options: `onError`, `onWarning`, `always`, `off`. |

The following variables are supported for substitution in the `bandit.args`, `bandit.cwd`, `bandit.path`, and `bandit.interpreter` settings:

-   `${workspaceFolder}`
-   `${workspaceFolder:FolderName}`
-   `${userHome}`
-   `${env:EnvVarName}`

The `bandit.path` setting also supports the `${interpreter}` variable as one of the entries of the array. This variable is substituted based on the value of the `bandit.interpreter` setting.

## Commands

| Command                | Description                       |
| ---------------------- | --------------------------------- |
| Bandit: Restart Server | Force re-start the linter server. |

## Logging

From the Command Palette (**View** > **Command Palette ...**), run the **Developer: Set Log Level...** command. Select **Bandit** from the **Extension logs** group. Then select the log level you want to set.

To open the logs, click on the language status icon (`{}`) on the bottom right of the Status bar, next to the Python language mode. Locate the **Bandit** entry and select **Open logs**.

## Troubleshooting

In this section, you will find some common issues you might encounter and how to resolve them. If you are experiencing any issues that are not covered here, please [file an issue](https://github.com/PyCQA/vscode-bandit/issues).
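A worked `.vscode/settings.json` that ties the settings above together. This is an added example for this page, not configuration shipped with the extension or taken from its documentation. It assumes a project virtualenv at `.venv/` and a Bandit config file named `bandit.yaml` at the workspace root; both paths are illustrative. Two practitioner caveats: `bandit.importStrategy` is omitted because the README states it is ignored once `bandit.path` is set, and `bandit.path` / `bandit.interpreter` name a command the extension will execute, so a value committed to a repository's `.vscode/settings.json` is effectively a command run on each developer machine that opens the workspace with the extension enabled. Keep those entries pointing inside the checkout (as here) or leave them empty and rely on `bandit.importStrategy`. Likewise, `--skip` entries such as the README's `--skip=B603` (subprocess calls without `shell=True`) silence a whole test in the editor; prefer severity and confidence thresholds, and run Bandit unfiltered in CI.

```jsonc
{
  // Launch Bandit through the project's own interpreter so the editor lints with the
  // same Bandit release that CI installs, not the 1.8.3 copy bundled with the extension.
  // ".venv/bin/python" is an assumed layout; on Windows it would be ".venv\\Scripts\\python.exe".
  "bandit.interpreter": ["${workspaceFolder}/.venv/bin/python"],

  // "${interpreter}" is replaced with the bandit.interpreter command above.
  // Because bandit.path is set, bandit.importStrategy has no effect and is left out.
  "bandit.path": ["${interpreter}", "-m", "bandit"],

  // Lint from the workspace root so relative paths in bandit.yaml resolve predictably
  // (the README's alternative is "${fileDirname}" to lint from each file's folder).
  "bandit.cwd": "${workspaceFolder}",

  // One argument per array element. The thresholds hide LOW-severity and LOW-confidence
  // findings in the editor only; an unfiltered `bandit -r .` in CI still reports them.
  // bandit.yaml is an assumed project config file passed via Bandit's --configfile option.
  "bandit.args": [
    "--configfile=${workspaceFolder}/bandit.yaml",
    "--severity-level=medium",
    "--confidence-level=medium"
  ],

  // Pop a notification only when the linter server errors; everything else stays in
  // the Bandit log described under Logging.
  "bandit.showNotification": "onError"
}
```

Commit this file only if every contributor is expected to have the same `.venv/` layout; otherwise leave `bandit.interpreter` and `bandit.path` as `[]` so the extension uses the interpreter selected in VS Code, and set `"bandit.importStrategy": "fromEnvironment"` to still prefer the project-installed Bandit over the bundled one.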