bandit --help

usage: bandit [-h] [-r] [-a {file,vuln}] [-n CONTEXT_LINES] [-c CONFIG_FILE] [-p PROFILE] [-t TESTS] [-s SKIPS] [-l | --severity-level {all,low,medium,high}] [-i | --confidence-level {all,low,medium,high}] [-f {csv,custom,html,json,screen,txt,xml,yaml}] [--msg-template MSG_TEMPLATE] [-o [OUTPUT_FILE]] [-v] [-d] [-q] [--ignore-nosec] [-x EXCLUDED_PATHS] [-b BASELINE] [--ini INI_PATH] [--exit-zero] [--version] [targets ...]

Bandit - a Python source code security analyzer

positional arguments:
  targets               source file(s) or directory(s) to be tested

options:
  -h, --help            show this help message and exit
  -r, --recursive       find and process files in subdirectories
  -a, --aggregate {file,vuln}
                        aggregate output by vulnerability (default) or by filename
  -n, --number CONTEXT_LINES
                        maximum number of code lines to output for each issue
  -c, --configfile CONFIG_FILE
                        optional config file to use for selecting plugins and overriding defaults
  -p, --profile PROFILE
                        profile to use (defaults to executing all tests)
  -t, --tests TESTS     comma-separated list of test IDs to run
  -s, --skip SKIPS      comma-separated list of test IDs to skip
  -l, --level           report only issues of a given severity level or higher (-l for LOW, -ll for MEDIUM, -lll for HIGH)
  --severity-level {all,low,medium,high}
                        report only issues of a given severity level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low".
  -i, --confidence      report only issues of a given confidence level or higher (-i for LOW, -ii for MEDIUM, -iii for HIGH)
  --confidence-level {all,low,medium,high}
                        report only issues of a given confidence level or higher. "all" and "low" are likely to produce the same results, but it is possible for rules to be undefined which will not be listed in "low".
  -f, --format {csv,custom,html,json,screen,txt,xml,yaml}
                        specify output format
  --msg-template MSG_TEMPLATE
                        specify output message template (only usable with --format custom), see CUSTOM FORMAT section for list of available values
  -o, --output [OUTPUT_FILE]
                        write report to filename
  -v, --verbose         output extra information like excluded and included files
  -d, --debug           turn on debug mode
  -q, --quiet, --silent
                        only show output in the case of an error
  --ignore-nosec        do not skip lines with # nosec comments
  -x, --exclude EXCLUDED_PATHS
                        comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
  -b, --baseline BASELINE
                        path of a baseline report to compare against (only JSON-formatted files are accepted)
  --ini INI_PATH        path to a .bandit file that supplies command line arguments
  --exit-zero           exit with 0, even with results found
  --version             show program's version number and exit

CUSTOM FORMATTING
-----------------

Available tags:

    {abspath}, {relpath}, {line}, {col}, {test_id},
    {severity}, {msg}, {confidence}, {range}

Example usage:

    Default template:
    bandit -r examples/ --format custom --msg-template \
    "{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}"

    Provides same output as:
    bandit -r examples/ --format custom

    Tags can also be formatted in python string.format() style:
    bandit -r examples/ --format custom --msg-template \
    "{relpath:20.20s}: {line:03}: {test_id:^8}: DEFECT: {msg:>20}"

    See python documentation for more information about formatting style:
    https://docs.python.org/3/library/string.html
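To make the threshold and template semantics above concrete without running bandit, here is an added example (not bandit's own code) that filters constructed findings the way `--severity-level` / `--confidence-level` describe and renders survivors with the two templates quoted in the CUSTOM FORMATTING section; the `Issue` records, paths and messages are all constructed.

```python
"""Model of bandit's level thresholds and --msg-template rendering (added
example, not bandit's own code; the Issue records below are constructed).
"""
from dataclasses import dataclass

LEVELS = ("low", "medium", "high")  # ordered as bandit ranks them

# The two templates quoted in the CUSTOM FORMATTING section.
DEFAULT_TEMPLATE = "{abspath}:{line}: {test_id}[bandit]: {severity}: {msg}"
COLUMN_TEMPLATE = "{relpath:20.20s}: {line:03}: {test_id:^8}: DEFECT: {msg:>20}"

@dataclass
class Issue:
    """One finding, carrying exactly the tags the custom formatter exposes."""
    abspath: str
    relpath: str
    line: int
    col: int
    test_id: str
    severity: str
    confidence: str
    msg: str
    range: tuple

def at_or_above(level: str, threshold: str) -> bool:
    """'Report only issues of a given level or higher'; 'all' disables the filter."""
    if threshold == "all":
        return True
    return LEVELS.index(level.lower()) >= LEVELS.index(threshold.lower())

def render(issues, template=DEFAULT_TEMPLATE, severity="all", confidence="all"):
    """Apply severity/confidence thresholds, then format survivors with str.format()."""
    return [
        template.format(**vars(issue))
        for issue in issues
        if at_or_above(issue.severity, severity)
        and at_or_above(issue.confidence, confidence)
    ]

# Constructed findings standing in for a real scan; messages are shortened.
SAMPLE = [
    Issue("/src/app/db.py", "app/db.py", 7, 4, "B608", "MEDIUM", "LOW",
          "query built by string concatenation", (7, 7)),
    Issue("/src/app/util.py", "app/util.py", 12, 0, "B311", "LOW", "HIGH",
          "weak random", (12, 12)),
    Issue("/src/app/very/deep/module/name.py", "app/very/deep/module/name.py",
          120, 8, "B602", "HIGH", "HIGH", "shell=True in subprocess call", (120, 121)),
]
```

Note that `{relpath:20.20s}` both pads short paths and truncates long ones to 20 characters, so a wide repository layout can lose the filename in this column layout; `{abspath}` is the safer choice when the line must stay machine-parseable.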

The following tests were discovered and loaded:
-----------------------------------------------
	B101	assert_used
	B102	exec_used
	B103	set_bad_file_permissions
	B104	hardcoded_bind_all_interfaces
	B105	hardcoded_password_string
	B106	hardcoded_password_funcarg
	B107	hardcoded_password_default
	B108	hardcoded_tmp_directory
	B110	try_except_pass
	B112	try_except_continue
	B113	request_without_timeout
	B201	flask_debug_true
	B202	tarfile_unsafe_members
	B301	pickle
	B302	marshal
	B303	md5
	B304	ciphers
	B305	cipher_modes
	B306	mktemp_q
	B307	eval
	B308	mark_safe
	B310	urllib_urlopen
	B311	random
	B312	telnetlib
	B313	xml_bad_cElementTree
	B314	xml_bad_ElementTree
	B315	xml_bad_expatreader
	B316	xml_bad_expatbuilder
	B317	xml_bad_sax
	B318	xml_bad_minidom
	B319	xml_bad_pulldom
	B321	ftplib
	B323	unverified_context
	B324	hashlib_insecure_functions
	B401	import_telnetlib
	B402	import_ftplib
	B403	import_pickle
	B404	import_subprocess
	B405	import_xml_etree
	B406	import_xml_sax
	B407	import_xml_expat
	B408	import_xml_minidom
	B409	import_xml_pulldom
	B411	import_xmlrpclib
	B412	import_httpoxy
	B413	import_pycrypto
	B415	import_pyghmi
	B501	request_with_no_cert_validation
	B502	ssl_with_bad_version
	B503	ssl_with_bad_defaults
	B504	ssl_with_no_version
	B505	weak_cryptographic_key
	B506	yaml_load
	B507	ssh_no_host_key_verification
	B508	snmp_insecure_version
	B509	snmp_weak_cryptography
	B601	paramiko_calls
	B602	subprocess_popen_with_shell_equals_true
	B603	subprocess_without_shell_equals_true
	B604	any_other_function_with_shell_equals_true
	B605	start_process_with_a_shell
	B606	start_process_with_no_shell
	B607	start_process_with_partial_path
	B608	hardcoded_sql_expressions
	B609	linux_commands_wildcard_injection
	B610	django_extra_used
	B611	django_rawsql_used
	B612	logging_config_insecure_listen
	B613	trojansource
	B614	pytorch_load
	B615	huggingface_unsafe_download
	B701	jinja2_autoescape_false
	B702	use_of_mako_templates
	B703	django_mark_safe
	B704	markupsafe_markup_xss
