https://github.com/pycqa/vscode-bandit
A Visual Studio Code extension with support for the Bandit static analysis tool.
- Host: GitHub
- URL: https://github.com/pycqa/vscode-bandit
- Owner: PyCQA
- License: mit
- Created: 2025-03-18T16:30:31.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2025-04-02T21:59:57.000Z (6 months ago)
- Last Synced: 2025-04-02T22:31:05.478Z (6 months ago)
- Topics: bandit, linter, python, sast, security-scanner, security-tools, static-analysis, vscode-extension
- Language: Python
- Homepage: https://marketplace.visualstudio.com/items?itemName=pycqa.bandit-pycqa
- Size: 950 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
- Support: SUPPORT.md
README

# Bandit extension for Visual Studio Code
A Visual Studio Code extension for the [Bandit](https://github.com/PyCQA/bandit) static analysis security tool, developed and maintained by the original authors of Bandit. This extension comes bundled with Bandit version 1.8.3.
It is compatible with all [actively supported versions](https://devguide.python.org/#status-of-python-branches) of the Python programming language.
For more information about Bandit, visit https://bandit.readthedocs.io/.
## Settings
There are several settings you can configure to customize the behavior of this extension.
| Setting | Default | Description |
|---|---|---|
| `bandit.args` | `[]` | Arguments passed to Bandit for linting Python files. Each argument should be a separate string in the array. Examples: `"bandit.args": ["--severity-level=high"]`, `"bandit.args": ["--skip=B603", "--confidence-level=high"]`. |
| `bandit.cwd` | `${workspaceFolder}` | Sets the current working directory used to lint Python files with Bandit. By default, it uses the root directory of the workspace. You can set it to `${fileDirname}` to use the parent folder of the file being linted. |
| `bandit.enabled` | `true` | Enable/disable linting Python files with Bandit. This can be set globally or per workspace. When disabled, the linting server continues to monitor files but does not perform linting or expose code actions. |
| `bandit.path` | `[]` | Path or command used by the extension to run Bandit. Accepts an array of strings (each argument separate). Examples: `"bandit.path": ["~/global_env/bandit"]`, `"bandit.path": ["bandit"]`, `"bandit.path": ["${interpreter}", "-m", "bandit"]`. If set to `["bandit"]`, it uses the Bandit available in your `PATH`. Note: using a custom path may slow down linting. |
| `bandit.interpreter` | `[]` | Python executable or command used to launch Bandit. Accepts an array of strings (each argument separate). If left as `[]`, it uses the selected Python interpreter. |
| `bandit.importStrategy` | `useBundled` | Specifies which Bandit binary to use. `useBundled` uses the version shipped with the extension. `fromEnvironment` uses the Bandit in the current Python environment; if it can't find one, it falls back to the bundled version. Overridden if `bandit.path` is set. |
| `bandit.showNotification` | `off` | Controls when extension notifications appear. Options: `onError`, `onWarning`, `always`, `off`. |

The following variables are supported for substitution in the `bandit.args`, `bandit.cwd`, `bandit.path`, and `bandit.interpreter` settings:
- `${workspaceFolder}`
- `${workspaceFolder:FolderName}`
- `${userHome}`
- `${env:EnvVarName}`

The `bandit.path` setting also supports the `${interpreter}` variable as one of the entries of the array. This variable is substituted based on the value of the `bandit.interpreter` setting.
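A workspace `.vscode/settings.json` that combines the settings from the table above with the substitution variables, added here as an illustration rather than taken from the extension's own documentation. It assumes the project keeps a Bandit configuration file named `bandit.yaml` at the workspace root and that a Python interpreter has been selected in VS Code.

```jsonc
{
  // Run Bandit through the interpreter selected in VS Code (resolved from
  // bandit.interpreter, or the selected interpreter when that is left empty),
  // so the scan uses the project's own environment. Because bandit.path is set,
  // bandit.importStrategy is ignored and the bundled Bandit is not used.
  "bandit.path": ["${interpreter}", "-m", "bandit"],
  "bandit.interpreter": [],

  // Lint relative to the workspace root so relative paths in the config resolve.
  "bandit.cwd": "${workspaceFolder}",

  // Assumed: a Bandit config file named bandit.yaml at the workspace root.
  // Report medium severity and above, but only findings Bandit is confident in,
  // which keeps the Problems pane focused on actionable results.
  "bandit.args": [
    "-c", "${workspaceFolder}/bandit.yaml",
    "--severity-level=medium",
    "--confidence-level=high"
  ],

  // Surface a notification only when the linter server hits an error.
  "bandit.showNotification": "onError",
  "bandit.enabled": true
}
```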
## Commands
| Command | Description |
| ---------------------- | --------------------------------- |
| Bandit: Restart Server | Force re-start the linter server. |

## Logging
From the Command Palette (**View** > **Command Palette ...**), run the **Developer: Set Log Level...** command. Select **Bandit** from the **Extension logs** group. Then select the log level you want to set.
To open the logs, click on the language status icon (`{}`) on the bottom right of the Status bar, next to the Python language mode. Locate the **Bandit** entry and select **Open logs**.
## Troubleshooting
In this section, you will find some common issues you might encounter and how to resolve them. If you are experiencing any issues that are not covered here, please [file an issue](https://github.com/PyCQA/vscode-bandit/issues).