A pre-commit hook to find common security issues in your Python code using bandit.
Add it to your `.pre-commit-config.yaml` (recent pre-commit releases spell the `sha` key `rev`):

```yaml
- repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
  sha: v1.0.3
  hooks:
  - id: python-bandit-vulnerability-check
```
You can also specify a custom `.banditrc` file, specific directories to check, test IDs to skip, or the alerting level:

```yaml
- id: python-bandit-vulnerability-check
  args: [--verbose, --ini, .banditrc, -ll, --skip, "B321,B402", --recursive, src/lib]
```
The hook's default arguments check for high-severity issues in all the repository's files, recursively.

Note that `pre-commit` passes `bandit` the list of all staged files that match the hook's `files` regular expression.
If you want to execute `bandit` only on modified Python files, you'll need:
- to target the Python files / directories with the `files` field
- to override the `args` field so it does not include `--recursive`

```yaml
- id: python-bandit-vulnerability-check
  args: []   # an explicit empty list: replaces the hook's default arguments, which include --recursive
  files: .py$
```
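The same "staged Python files only" check, written as a plain shell script that can be run by hand or from a bare git hook. This is an added example, not code from the pre-commit-hooks-bandit project; it assumes `git` and `bandit` are on `PATH` (the `BANDIT` variable is a hypothetical override of the binary name) and reuses the `-ll` and `--skip` values from the README example above.

```shell
#!/bin/sh
# Added example, not part of the pre-commit-hooks-bandit project: scan only the
# staged .py files, mirroring `files: .py$` plus an `args` list without --recursive.
# Assumes git and bandit are installed; BANDIT (hypothetical) overrides the binary.
set -eu

# Mirror the hook's `files: .py$` filter: keep only paths ending in .py.
# Reads one candidate path per line on stdin and prints the matches.
filter_py_files() {
  grep -E '\.py$' || true   # grep exits 1 when nothing matches; not an error here
}

# Staged added/copied/modified/renamed paths, i.e. what pre-commit would hand
# to the hook. Deleted files are excluded because they cannot be scanned.
staged_files() {
  git diff --cached --name-only --diff-filter=ACMR
}

# Run bandit on explicit files only (no --recursive): -ll reports medium
# severity and above, --skip drops the test IDs used in the README example.
run_bandit_on() {
  if [ "$#" -eq 0 ]; then
    echo "no staged Python files, nothing to scan"
    return 0
  fi
  "${BANDIT:-bandit}" -ll --skip B321,B402 "$@"
}

# Collect the filtered staged paths into the positional parameters so that
# names containing spaces survive, then hand them to bandit.
main() {
  set --
  while IFS= read -r path; do
    [ -n "$path" ] && set -- "$@" "$path"
  done <<EOF
$(staged_files | filter_py_files)
EOF
  run_bandit_on "$@"
}

# Only scan when invoked as `./bandit-staged.sh run`, so the file can also be
# sourced for its functions without side effects.
if [ "${1:-}" = "run" ]; then
  main
fi
```

Invoke it as `sh bandit-staged.sh run` from the repository root, or call it from `.git/hooks/pre-commit`.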
## Alternative local hook

You'll need to `pip install bandit` beforehand:

```yaml
- repo: local
  hooks:
  - id: python-bandit-vulnerability-check
    name: bandit   # pre-commit requires a name for local hooks
    entry: bandit
    args: [-lll, --recursive, .]
    language: system
    files: ''
```