tessl/pypi-bandit
Security oriented static analyser for python code.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
output-formatters.mddocs/
Output Formatters
Multiple report formats for security scan results supporting different use cases, CI/CD integration, and security tool workflows. Formatters provide structured output with severity filtering, confidence thresholds, and baseline comparison capabilities.
Capabilities
Formatter Interface
All formatters implement a standardized interface for generating security reports from scan results.
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate formatted security report.
Parameters:
- manager: BanditManager instance containing scan results and metadata
- fileobj: File-like object for writing output (stdout, file handle, StringIO)
- sev_level: str, minimum severity level ('LOW', 'MEDIUM', 'HIGH')
- conf_level: str, minimum confidence level ('LOW', 'MEDIUM', 'HIGH')
- lines: int, maximum lines of code context (-1 for all, used to control output verbosity)
Returns:
None (output written to fileobj)
"""Built-in Formatters
Comprehensive set of output formats for different integration scenarios and reporting requirements.
JSON Formatter
# bandit.formatters.json
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate JSON format report for programmatic consumption.
Output structure:
{
"generated_at": "ISO timestamp",
"version": "bandit version",
"metrics": { "files": N, "lines": N, "issues": N },
"results": [
{
"filename": "path/to/file.py",
"test_name": "test_id",
"test_id": "B101",
"issue_severity": "HIGH",
"issue_confidence": "HIGH",
"issue_text": "Description",
"line_number": 42,
"line_range": [42, 44],
"col_offset": 4,
"code": "source code context"
}
]
}
"""XML Formatter
# bandit.formatters.xml
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate XML format report for enterprise tool integration.
Output structure:
<testsuite name="bandit" tests="N" errors="0" failures="N" time="X">
<testcase classname="bandit.file_path" name="test_id" time="0">
<failure type="severity" message="issue_text">
Detailed issue information and code context
</failure>
</testcase>
</testsuite>
"""HTML Formatter
# bandit.formatters.html
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate HTML report with interactive features and syntax highlighting.
Features:
- Responsive web interface
- Sortable issue tables
- Syntax-highlighted code context
- Severity-based color coding
- Issue filtering and search
- Summary statistics and charts
"""SARIF Formatter
# bandit.formatters.sarif
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate SARIF 2.1.0 format for security tool integration.
Static Analysis Results Interchange Format for:
- GitHub Security tab integration
- Azure DevOps security scanning
- VS Code security extension integration
- Security information and event management (SIEM) tools
"""CSV Formatter
# bandit.formatters.csv
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate CSV format for spreadsheet analysis and reporting.
Columns:
filename,test_name,test_id,issue_severity,issue_confidence,
issue_text,line_number,col_offset,code_snippet
"""YAML Formatter
# bandit.formatters.yaml
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate YAML format for configuration-driven workflows.
Structure mirrors JSON format but with YAML syntax for:
- Human-readable configuration files
- Infrastructure as Code security scanning
- GitOps workflow integration
"""Screen Formatter
# bandit.formatters.screen
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate colorized terminal output for interactive usage.
Features:
- ANSI color codes for severity levels
- Structured terminal layout
- Summary statistics
- Progress indicators
- Human-readable formatting
"""Text Formatter
# bandit.formatters.text
def report(manager, fileobj, sev_level, conf_level, lines):
"""
Generate plain text report for log files and simple integration.
Plain text format without colors or special formatting:
- Log file compatible
- Email reporting
- Simple CI/CD integration
- Archive-friendly format
"""Custom Template Formatter
# bandit.formatters.custom
def report(manager, fileobj, sev_level, conf_level, template=None):
"""
Generate custom format using Jinja2 templates.
Note: Custom formatter uses 'template' parameter instead of 'lines'.
Template variables available:
- results: List of filtered issues
- metrics: Scan statistics
- version: Bandit version
- generated_at: Timestamp
Template file specified via --msg-template option.
"""Usage Examples
Command Line Formatter Usage
# JSON output to file
bandit -r /path/to/code -f json -o security_report.json
# HTML report with all issues
bandit -r /path/to/code -f html -o security_report.html
# SARIF for GitHub integration
bandit -r /path/to/code -f sarif -o bandit.sarif
# CSV for spreadsheet analysis
bandit -r /path/to/code -f csv -o issues.csv
# High-severity issues only in JSON
bandit -r /path/to/code -f json --severity-level highProgrammatic Formatter Usage
from bandit.core import manager, config
from bandit.formatters import json, html, sarif
import io
# Setup bandit manager
conf = config.BanditConfig()
b_mgr = manager.BanditManager(conf, 'file')
b_mgr.discover_files(['/path/to/code'], recursive=True)
b_mgr.run_tests()
# Generate JSON report
json_output = io.StringIO()
json.report(b_mgr, json_output, 'LOW', 'LOW', True)
json_data = json_output.getvalue()
# Generate HTML report
with open('security_report.html', 'w') as html_file:
html.report(b_mgr, html_file, 'MEDIUM', 'HIGH', True)
# Generate SARIF for CI/CD
with open('bandit.sarif', 'w') as sarif_file:
sarif.report(b_mgr, sarif_file, 'LOW', 'LOW', False)Custom Formatter Development
from bandit.core import test_properties as test
@test.accepts_baseline()
def security_dashboard_formatter(manager, fileobj, sev_level, conf_level, lines):
"""Custom formatter for security dashboard integration."""
import json
from datetime import datetime
# Get filtered issues
issues = manager.get_issue_list(sev_level, conf_level)
# Generate dashboard-specific format
dashboard_data = {
'scan_timestamp': datetime.utcnow().isoformat(),
'repository': manager.config.get_option('repository_name'),
'summary': {
'total_issues': len(issues),
'high_severity': len([i for i in issues if i.severity == 'HIGH']),
'medium_severity': len([i for i in issues if i.severity == 'MEDIUM']),
'low_severity': len([i for i in issues if i.severity == 'LOW'])
},
'categories': {},
'files_affected': list(set(issue.fname for issue in issues))
}
# Group by CWE categories
for issue in issues:
cwe_id = str(issue.cwe.id) if issue.cwe else 'Unknown'
if cwe_id not in dashboard_data['categories']:
dashboard_data['categories'][cwe_id] = []
dashboard_data['categories'][cwe_id].append({
'file': issue.fname,
'line': issue.lineno,
'severity': issue.severity,
'confidence': issue.confidence,
'description': issue.text,
'test_id': issue.test_id
})
# Output JSON for dashboard consumption
json.dump(dashboard_data, fileobj, indent=2)Integration with CI/CD Pipelines
# GitHub Actions example
- name: Run Bandit Security Scan
run: |
bandit -r src/ -f sarif -o bandit.sarif
bandit -r src/ -f json -o bandit.json --severity-level medium
- name: Upload SARIF to GitHub
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: bandit.sarif
# Jenkins pipeline example
stage('Security Scan') {
steps {
sh 'bandit -r src/ -f xml -o bandit.xml'
publishTestResults testResultsPattern: 'bandit.xml'
sh 'bandit -r src/ -f html -o security-report.html'
archiveArtifacts artifacts: 'security-report.html'
}
}Baseline Integration
# Generate baseline from current codebase
bandit-baseline -r /path/to/code -o baseline.json
# Run scan excluding baseline issues
bandit -r /path/to/code -b baseline.json -f json -o new-issues.json
# Compare with baseline in SARIF format
bandit -r /path/to/code -b baseline.json -f sarif -o delta.sarifInstall with Tessl CLI
npx tessl i tessl/pypi-bandit