
Security/Projects/Bandit

Revision as of 18:00, 18 September 2014 by Jamiefinnigan (talk | contribs)

Overview

Bandit provides a framework for performing security analysis of Python source code, utilizing the ast module from the Python standard library.

The ast module is used to convert source code into a parsed tree of Python syntax nodes. Bandit allows users to define custom tests that are performed against those nodes. At the completion of testing, a report is generated that lists security issues identified within the target source code.
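The mechanism described above (parse to an AST, run registered tests against matching nodes, collect findings into a report) can be shown in a few dozen lines. The following is an added illustration written for this page, not Bandit's own plugin API or code: the `register` decorator, the `Issue` record, the test identifiers `X101`-`X103` and the sample module being scanned are all constructed here for demonstration.

```python
import ast
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample input (not from the page): a small module with three
# constructs a reviewer would flag and one benign call.
SAMPLE_SOURCE = '''
import subprocess

def run(cmd, expr):
    assert cmd, "cmd must not be empty"
    subprocess.call(cmd, shell=True)
    return eval(expr)

def safe():
    return len("ok")
'''

@dataclass
class Issue:
    test_id: str       # hypothetical check identifier (not a Bandit ID)
    severity: str
    line: int
    message: str

# A test is any callable that takes an AST node and returns an Issue or None.
Test = Callable[[ast.AST], Optional[Issue]]

# Registry mapping an ast node class to the tests run against nodes of that class.
REGISTRY: Dict[type, List[Test]] = {}

def register(node_type: type):
    """Decorator registering a test for a given ast node class (hypothetical API)."""
    def wrap(fn: Test) -> Test:
        REGISTRY.setdefault(node_type, []).append(fn)
        return fn
    return wrap

def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the callee, e.g. 'eval' or 'subprocess.call'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        parts = []
        while isinstance(func, ast.Attribute):
            parts.append(func.attr)
            func = func.value
        if isinstance(func, ast.Name):
            parts.append(func.id)
        return ".".join(reversed(parts))
    return ""

@register(ast.Call)
def eval_used(node: ast.AST) -> Optional[Issue]:
    # eval() on untrusted input is code execution; flag every use for review.
    if _call_name(node) == "eval":
        return Issue("X101", "MEDIUM", node.lineno, "use of eval() detected")
    return None

@register(ast.Call)
def shell_true(node: ast.AST) -> Optional[Issue]:
    # shell=True routes the argument through a shell, so string content matters.
    if _call_name(node).startswith("subprocess."):
        for kw in node.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return Issue("X102", "HIGH", node.lineno, "subprocess call with shell=True")
    return None

@register(ast.Assert)
def assert_used(node: ast.AST) -> Optional[Issue]:
    # assert statements are removed under python -O, so they are not a security check.
    return Issue("X103", "LOW", node.lineno, "assert used for validation; stripped with -O")

def analyze(source: str) -> List[Issue]:
    """Parse the source, visit every node, and apply the tests registered for its type."""
    tree = ast.parse(source)
    issues: List[Issue] = []
    for node in ast.walk(tree):
        for test in REGISTRY.get(type(node), []):
            issue = test(node)
            if issue is not None:
                issues.append(issue)
    return sorted(issues, key=lambda i: i.line)

def report(issues: List[Issue]) -> str:
    """Render the findings as one line per issue, ordered by source line."""
    return "\n".join(f"{i.line:>4}  {i.severity:<6} {i.test_id}  {i.message}" for i in issues)

if __name__ == "__main__":
    print(report(analyze(SAMPLE_SOURCE)))
```

Running the block scans the embedded sample and reports the assert on line 5, the `shell=True` call on line 6 and the `eval()` on line 7; `safe()` produces nothing. Keying the registry on the node class keeps each test cheap, since a test only ever sees nodes of the type it asked for.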

Bandit is currently a stand-alone tool that end users can download and run against arbitrary source code. As it matures and proves useful, we see it as a possible addition to the OpenStack CI gate tests, first non-voting and eventually voting.

Links

Bandit makes use of the OpenStack CI infrastructure provided through StackForge:

https://github.com/stackforge/bandit

http://git.openstack.org/cgit/stackforge/bandit/

https://review.openstack.org/#/q/status:open+project:stackforge/bandit,n,z

Contributing

An easy way to contribute is to write a plugin/test that allows Bandit to identify more security issues. Extensions and improvements to the underlying framework are also welcome, although we'll be attempting to maintain stability in the interface that is presented to plugins.

See the links above for Bandit-specific information, and Gerrit Workflow for information on the general contribution/review workflow.

Team

Bandit is a project from the OpenStack Security Group.

Core project team:

  • Jamie Finnigan (chair6)
  • Travis McPeak (tmcpeak)
  • Nathan Kinder (nkinder)