Skip to content
/ bandit-sarif-formatter Public

A report formatter for Bandit (a Python security analyzer) that produces output in the SARIF format.

License

MIT license
16 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

microsoft/bandit-sarif-formatter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
bandit_sarif_formatter
bandit_sarif_formatter
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
SECURITY.md
SECURITY.md
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 

Repository files navigation

SARIF formatter for Bandit

Overview

bandit_sarif_formatter is a report formatter for Bandit, a security analyzer for Python. It produces output in the Static Analysis Results Interchange Format (SARIF) Version 2.1.0 file format, an OASIS Committee Specification.

To learn more about SARIF and find resources for working with it, you can visit the SARIF Home Page.

Building

To build the bandit_sarif_formatter package, see the Python Packaging Authority's instructions for Packaging Python Projects, in particular the section "Generating distribution archives."

Briefly: run the following commands from the project root directory:

python -m pip install --user --upgrade setuptools wheel
python setup.py sdist bdist_wheel

The source distribution (.tar.gz) and wheel-style built distribution (.whl) packages appear in the dist/ directory.

Publishing

To publish the bandit_sarif_formatter package, see the section "Uploading the distribution archives" and "Next steps" in Packaging Python Projects.

Briefly: log in to https://pypi.org with the TODO account, and then run the following commands from the project root directory:

python -m pip install --user --upgrade twine
python -m twine upload dist/*

Installing

To install the bandit_sarif_formatter package, run the command:

python -m pip install bandit_sarif_formatter

Using

To generate SARIF output from Bandit, run the command:

bandit --format sarif [targets [targets ...]] --output out.sarif

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

About

A report formatter for Bandit (a Python security analyzer) that produces output in the SARIF format.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

16 stars

Watchers

4 watching

Forks

10 forks
Report repository

Releases

7 tags

Packages

 
 
 

Contributors 2

  •  
  •  

Languages