Bandit
Static security analysis tool for Python code. Bandit finds common security issues — hardcoded passwords, use of pickle with untrusted data, subprocess shell injection, weak cryptography, SQL injection via string formatting, and more. Designed to find security bugs introduced by developers, not as a complete security audit tool. Standard inclusion in Python CI/CD pipelines for security hygiene.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Local-only static analysis tool — no network calls. Ironically, Bandit itself is very secure to use. Code being analyzed never leaves local environment.
⚡ Reliability
Best When
You want a quick, easy-to-integrate Python security scanner that catches common developer mistakes — hardcoded secrets, injection risks, and dangerous function usage.
Avoid When
You need comprehensive vulnerability detection with low false-positive rates — Semgrep with security rules or commercial SAST tools provide more accurate, context-aware analysis.
Use Cases
- Run automated security scanning on agent-generated Python code to detect common vulnerabilities before deployment
- Integrate into CI/CD pipelines to block Python code with high-severity security issues (hardcoded secrets, shell injection, weak crypto)
- Audit existing Python agent codebases for security debt — identify and prioritize security issues by severity (HIGH/MEDIUM/LOW)
- Check for dangerous function usage in agent tool code — subprocess with shell=True, eval(), exec(), pickle.loads() of untrusted data
- Generate JSON security reports from Bandit for integration with security dashboards and agent security monitoring pipelines
Not For
- Full security audits — Bandit finds common patterns, not all vulnerabilities; SAST tools don't replace security code review
- Non-Python codebases — use Semgrep, CodeQL, or language-specific SAST tools for other languages
- Runtime security monitoring — Bandit is static analysis only; use runtime application security tools for dynamic detection
Interface
Authentication
Local CLI tool — no external auth. Runs entirely locally.
Pricing
Apache 2.0 open source maintained by PyCQA (Python Code Quality Authority).
Agent Metadata
Known Gotchas
- ⚠ Bandit has a high false-positive rate — B101 (assert used) and B311 (random) fire constantly in non-security contexts; configure .bandit file to suppress expected FPs per-project
- ⚠ Bandit analyzes Python syntax only — it cannot detect logic-level vulnerabilities or analyze runtime behavior; don't rely on Bandit as the sole security control
- ⚠ The --skip flag suppresses entire test IDs globally — use inline # nosec: B101 comments for targeted suppression, so every intentional exception sits next to the code it covers and stays auditable
- ⚠ Bandit's confidence levels (HIGH/MEDIUM/LOW) refer to detection confidence, not vulnerability severity — a LOW-confidence, HIGH-severity finding still warrants review
- ⚠ Running Bandit on generated code with dynamic eval() patterns always flags issues — generated code that uses eval by design needs targeted nosec annotations to avoid CI noise
- ⚠ Bandit does not understand data flow — it flags all subprocess.run(shell=True) even when the argument is a hardcoded string with no user input; context matters but Bandit cannot see it
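The last two gotchas in practice, as an added example that is not Bandit's own code or documentation: a constant shell=True command that Bandit still reports (B602 is Bandit's real test ID for subprocess calls with shell=True) carrying the targeted inline suppression the third gotcha recommends, the genuinely injectable form beside the hardened argv-list form that needs no suppression, and ast.literal_eval as the drop-in for data-parsing uses of eval (B307) so generated code does not need nosec annotations at all. It assumes a POSIX host with /bin/sh and an echo binary, and the sample inputs are constructed for the demonstration.

```python
"""Added example (not part of Bandit): why B602 fires on constant commands,
how a targeted nosec looks, and the forms that need no suppression."""
import ast
import subprocess


def banner_flagged_but_constant() -> str:
    # Bandit reports B602 here although the command is a literal string with
    # no external input: it has no data-flow analysis, so it cannot tell this
    # apart from the injectable case below. The per-test inline suppression
    # keeps the exception visible beside the code, unlike a global --skip B602.
    result = subprocess.run("echo bandit-demo", shell=True, capture_output=True, text=True, check=True)  # nosec B602
    return result.stdout.strip()


def echo_shell(user_text: str) -> str:
    # The pattern B602 exists to catch: user_text is spliced into a command
    # string that /bin/sh parses, so shell metacharacters in it are executed.
    # Kept only to contrast with echo_argv; do not suppress findings like this.
    result = subprocess.run(f"echo {user_text}", shell=True, capture_output=True, text=True)
    return result.stdout


def echo_argv(user_text: str) -> str:
    # Hardened form: an argv list with the default shell=False. user_text
    # reaches the child as one argument and never touches a shell, so
    # metacharacters are passed through literally. Bandit has nothing to flag.
    result = subprocess.run(["echo", user_text], capture_output=True, text=True, check=True)
    return result.stdout


def parse_literal(text: str):
    # Replacement for eval() when generated code only needs to turn text into
    # Python data (dicts, lists, numbers, strings). literal_eval accepts
    # literals only and raises ValueError on names, calls or attribute access,
    # so B307 never fires and no nosec annotation is needed.
    return ast.literal_eval(text)


if __name__ == "__main__":
    # Constructed input containing a shell metacharacter sequence.
    sample = "a; echo b"
    print(banner_flagged_but_constant())
    print(repr(echo_shell(sample)))   # the shell ran two commands
    print(repr(echo_argv(sample)))    # echo received one literal argument
    print(parse_literal("{'retries': 3, 'hosts': ['db1', 'db2']}"))
```

Running the script side by side makes the gotcha concrete: Bandit's report line for the first function and the second function look alike, but only the second has a security consequence, and the third and fourth functions show that the cleaner fix is usually to remove the shell or eval entirely rather than to annotate them.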
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Bandit.
Scores are editorial opinions as of 2026-03-06.