DEV Community

whchi
Enhance your python code security using bandit

In the constantly evolving realm of technology, ensuring the security of your code is also an important part of software development.

Here, I am using Bandit, a tool designed to find common security issues in Python code, to improve my project's security.
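To make concrete what "common security issues" means, here is an added illustration (not code from the original post): four patterns Bandit reports, each beside the change that clears the finding. The test IDs in the comments are Bandit's own; the function names and the in-memory table are constructed for this example.

```python
"""Added example, not from the original post: four patterns Bandit flags,
each beside the change that clears the finding. Test IDs in the comments are
Bandit's own (B307, B311, B324, B608); the functions and data are constructed."""
import ast
import hashlib
import random
import secrets
import sqlite3


# B307: eval() turns any input string into executable Python.
def parse_literal_insecure(text: str):
    return eval(text)


# ast.literal_eval accepts only literals (numbers, strings, lists, dicts, ...)
# and raises ValueError on names, calls or attribute access.
def parse_literal_safe(text: str):
    return ast.literal_eval(text)


# B311: random is a deterministic PRNG; tokens built from it are predictable.
def session_token_insecure() -> str:
    return "%032x" % random.getrandbits(128)


# secrets reads the OS CSPRNG, which is what the B311 message recommends.
def session_token_safe() -> str:
    return secrets.token_hex(16)  # 16 bytes -> 32 hex characters


# B324: MD5 is collision-broken; Bandit flags it unless usedforsecurity=False.
def fingerprint_insecure(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def fingerprint_safe(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# B608: SQL assembled by string formatting; the value is parsed as SQL grammar.
def find_user_insecure(conn: sqlite3.Connection, name: str) -> list:
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()


# A bound parameter is never part of the SQL text, whatever characters it holds.
def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table used to exercise the two query functions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn
```

Running `bandit` over a file containing the `*_insecure` functions reports each of the four IDs; the `*_safe` versions produce no findings. The sqlite pair is the one worth stepping through: the same odd-looking name is matched literally by the bound parameter and changes the query's meaning in the formatted one, which is exactly why B608 is raised on string-built SQL.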

Severity vs Confidence

In information security, severity and confidence are two important metrics for a finding. Bandit rates both as Low, Medium or High.

Severity measures how serious the consequences could be if the issue is exploited or left unaddressed.

Confidence reflects how well the finding is validated, verified or understood, that is, how sure the tool is that it has found a real issue rather than a false positive.

Call to action

A Bandit scan produces a detailed report of the potential security issues in the code. For each issue it records the severity, the confidence and the location in the code where the issue was detected. The report can be written in several formats, including CSV, HTML, JSON, text, XML and YAML, so the results are easy to parse and analyze before deciding what action to take.

Bandit scanning result

The following are some simple triage criteria to apply after a scan.

  • High Severity, High Confidence: Immediate action is typically taken due to a well-understood and verified security threat with potentially severe consequences.

  • High Severity, Low Confidence: Caution is exercised, and further investigation is needed to increase confidence in the assessment before taking decisive action.

  • Low Severity, High Confidence: Proactive measures may be taken even for low-severity issues if there is high confidence in the assessment.

  • Low Severity, Low Confidence: Ongoing monitoring and investigation are required to either confirm the low risk or gather additional information.
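The matrix above is easy to automate against the JSON report format mentioned earlier. The script below is an added example, not part of the original post: it reads a report in the shape `bandit -f json` emits, assigns each result one of the four actions, and derives a commit-blocking decision from it. The embedded report is a constructed sample (the file names and line numbers are made up), and the treatment of MEDIUM, which the matrix does not cover, is this example's own policy rather than Bandit's.

```python
"""Added example, not from the original post: triage a Bandit JSON report
with the severity/confidence matrix. The report is a constructed sample in
the shape Bandit emits; MEDIUM handling is this example's policy."""
import json
from collections import Counter

# Constructed sample report, trimmed to the fields the triage needs.
SAMPLE_REPORT = json.dumps({
    "results": [
        {"test_id": "B602", "filename": "app/run.py", "line_number": 12,
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified, security issue."},
        {"test_id": "B608", "filename": "app/db.py", "line_number": 40,
         "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "issue_text": "Possible SQL injection vector through string-based query construction."},
        {"test_id": "B101", "filename": "tests/test_x.py", "line_number": 3,
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Use of assert detected."},
        {"test_id": "B105", "filename": "app/settings.py", "line_number": 9,
         "issue_severity": "LOW", "issue_confidence": "MEDIUM",
         "issue_text": "Possible hardcoded password: '<redacted>'"},
    ]
})

LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
ACTION_ORDER = ["fix now", "investigate", "fix proactively", "monitor"]


def triage(severity: str, confidence: str) -> str:
    """Map one finding onto the four actions of the matrix.

    Policy choices made here (not Bandit's): MEDIUM severity counts as high,
    because the cost of ignoring it is asymmetric; MEDIUM confidence counts as
    low, because the finding still needs a human to confirm it.
    """
    severe = LEVELS[severity.upper()] >= LEVELS["MEDIUM"]
    confident = LEVELS[confidence.upper()] == LEVELS["HIGH"]
    if severe and confident:
        return "fix now"
    if severe:
        return "investigate"
    if confident:
        return "fix proactively"
    return "monitor"


def triage_report(report_json: str) -> list:
    """Return one triaged row per Bandit result, most urgent first."""
    rows = []
    for r in json.loads(report_json)["results"]:
        rows.append({
            "action": triage(r["issue_severity"], r["issue_confidence"]),
            "test_id": r["test_id"],
            "location": f'{r["filename"]}:{r["line_number"]}',
            "text": r["issue_text"],
        })
    rows.sort(key=lambda row: ACTION_ORDER.index(row["action"]))
    return rows


def blocks_commit(report_json: str) -> bool:
    """Gate policy: fail the commit only on verified, severe findings."""
    return any(row["action"] == "fix now" for row in triage_report(report_json))


def summary(report_json: str) -> dict:
    """Count of findings per action, handy for a one-line CI summary."""
    return dict(Counter(row["action"] for row in triage_report(report_json)))


if __name__ == "__main__":
    for row in triage_report(SAMPLE_REPORT):
        print(f'{row["action"]:<16} {row["test_id"]} {row["location"]}  {row["text"]}')
    print("summary:", summary(SAMPLE_REPORT))
    print("block commit:", blocks_commit(SAMPLE_REPORT))
```

To feed it a real report, run `bandit -r . -f json -o report.json` and pass the file's contents to `triage_report`. Bandit can also enforce the "fix now" corner on its own: `-lll` restricts output to high severity and `-iii` to high confidence, which is a reasonable default for a blocking hook while the rest of the matrix is handled in review.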

Setup

With pre-commit you can integrate Bandit into your Python project in two steps.

  1. pyproject.toml: skip folders you don't want to be scanned

```toml
[tool.bandit]
exclude_dirs = [
    ".venv",
    ".git",
    "__pycache__",
]
```

  2. .pre-commit-config.yaml: add the pre-commit hook

```yaml
repos:
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.7
    hooks:
      - id: bandit
        args: ["-c", "pyproject.toml", "-r", "."]
        additional_dependencies: ["bandit[toml]"]
```

That's it. From now on every commit runs Bandit over the repository with the configuration from pyproject.toml.
